Joined: 12 May 2004
|Posted: Sat Jun 21, 2014 10:26 pm Post subject: [ GLSA 201406-19 ] Mozilla Network Security Service: Multipl
|Gentoo Linux Security Advisory
Title: Mozilla Network Security Service: Multiple vulnerabilities (GLSA 201406-19)
Date: June 21, 2014
Bug(s): #455558, #486114, #491234
Multiple vulnerabilities have been discovered in Mozilla Network
Security Service, the worst of which could lead to Denial of Service.
The Mozilla Network Security Service is a library implementing security
features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12,
S/MIME and X.509 certificates.
Vulnerable: < 3.15.3
Unaffected: >= 3.15.3
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in the Mozilla Network
Security Service. Please review the CVE identifiers referenced below for
more details about the vulnerabilities.
A remote attacker can cause a Denial of Service condition.
There is no known workaround at this time.
All Mozilla Network Security Service users should upgrade to the latest
Packages which depend on this library may need to be recompiled. Tools
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.15.3"
such as revdep-rebuild may assist in identifying some of these packages.
Last edited by GLSA on Mon Nov 24, 2014 4:34 am; edited 2 times in total