Bugzilla – Bug 1010517
VUL-0: CVE-2016-5285: mozilla-nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
Last modified: 2020-06-13 00:55:56 UTC
rh#1383883
A flaw was found in the way an NSS server could be crashed remotely by a client sending an invalid DH key.
Fixed in https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1383883
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5285
bugbot adjusting priority
This fix is included in the 3.21.1 -> 3.21.3 version update.
SUSE-SU-2016:3014-1: An update that solves 8 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 1009026,1010395,1010401,1010402,1010404,1010410,1010422,1010427,1010517,992549
CVE References: CVE-2016-5285,CVE-2016-5290,CVE-2016-5291,CVE-2016-5296,CVE-2016-5297,CVE-2016-9064,CVE-2016-9066,CVE-2016-9074
Sources used:
  SUSE Linux Enterprise Software Development Kit 12-SP2 (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
  SUSE Linux Enterprise Software Development Kit 12-SP1 (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
  SUSE Linux Enterprise Server for SAP 12 (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
  SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
  SUSE Linux Enterprise Server 12-SP2 (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
  SUSE Linux Enterprise Server 12-SP1 (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
  SUSE Linux Enterprise Server 12-LTSS (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
  SUSE Linux Enterprise Desktop 12-SP2 (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
  SUSE Linux Enterprise Desktop 12-SP1 (src): MozillaFirefox-45.5.0esr-88.1, mozilla-nss-3.21.3-50.1
SUSE-SU-2016:3080-1: An update that solves 9 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1000751,1009026,1010395,1010401,1010402,1010404,1010410,1010422,1010427,1010517,1012964,992549
CVE References: CVE-2016-5285,CVE-2016-5290,CVE-2016-5291,CVE-2016-5296,CVE-2016-5297,CVE-2016-9064,CVE-2016-9066,CVE-2016-9074,CVE-2016-9079
Sources used:
  SUSE OpenStack Cloud 5 (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
  SUSE Manager Proxy 2.1 (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
  SUSE Manager 2.1 (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
  SUSE Linux Enterprise Software Development Kit 11-SP4 (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
  SUSE Linux Enterprise Server 11-SP4 (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
  SUSE Linux Enterprise Server 11-SP3-LTSS (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
  SUSE Linux Enterprise Point of Sale 11-SP3 (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
  SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
  SUSE Linux Enterprise Debuginfo 11-SP3 (src): MozillaFirefox-45.5.1esr-59.1, mozilla-nss-3.21.3-39.1
SUSE-SU-2016:3105-1: An update that solves 9 vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1000751,1009026,1010395,1010401,1010402,1010404,1010410,1010422,1010427,1010517,1012964,992549
CVE References: CVE-2016-5285,CVE-2016-5290,CVE-2016-5291,CVE-2016-5296,CVE-2016-5297,CVE-2016-9064,CVE-2016-9066,CVE-2016-9074,CVE-2016-9079
Sources used:
  SUSE Linux Enterprise Server 11-SP2-LTSS (src): MozillaFirefox-45.5.1esr-63.1, mozilla-nss-3.21.3-30.1
  SUSE Linux Enterprise Debuginfo 11-SP2 (src): MozillaFirefox-45.5.1esr-63.1, mozilla-nss-3.21.3-30.1
released