Synopsis:          Critical: nss and nspr security update

Advisory ID:       SLSA-2015:1980-1

Issue Date:        2015-11-04

CVE Numbers:       CVE-2015-7181

                   CVE-2015-7182

                   CVE-2015-7183

--



A use-after-poison flaw and a heap-based buffer overflow flaw were found

in the way NSS parsed certain ASN.1 structures. An attacker could use

these flaws to cause NSS to crash or execute arbitrary code with the

permissions of the user running an application compiled against the NSS

library. (CVE-2015-7181, CVE-2015-7182)



A heap-based buffer overflow was found in NSPR. An attacker could use this

flaw to cause NSPR to crash or execute arbitrary code with the permissions

of the user running an application compiled against the NSPR library.

(CVE-2015-7183)

--



SL5

  x86_64

    nspr-4.10.8-2.el5_11.i386.rpm

    nspr-4.10.8-2.el5_11.x86_64.rpm

    nspr-debuginfo-4.10.8-2.el5_11.i386.rpm

    nspr-debuginfo-4.10.8-2.el5_11.x86_64.rpm

    nss-3.19.1-2.el5_11.i386.rpm

    nss-3.19.1-2.el5_11.x86_64.rpm

    nss-debuginfo-3.19.1-2.el5_11.i386.rpm

    nss-debuginfo-3.19.1-2.el5_11.x86_64.rpm

    nss-tools-3.19.1-2.el5_11.x86_64.rpm

    nspr-devel-4.10.8-2.el5_11.i386.rpm

    nspr-devel-4.10.8-2.el5_11.x86_64.rpm

    nss-devel-3.19.1-2.el5_11.i386.rpm

    nss-devel-3.19.1-2.el5_11.x86_64.rpm

    nss-pkcs11-devel-3.19.1-2.el5_11.i386.rpm

    nss-pkcs11-devel-3.19.1-2.el5_11.x86_64.rpm

  i386

    nspr-4.10.8-2.el5_11.i386.rpm

    nspr-debuginfo-4.10.8-2.el5_11.i386.rpm

    nss-3.19.1-2.el5_11.i386.rpm

    nss-debuginfo-3.19.1-2.el5_11.i386.rpm

    nss-tools-3.19.1-2.el5_11.i386.rpm

    nspr-devel-4.10.8-2.el5_11.i386.rpm

    nss-devel-3.19.1-2.el5_11.i386.rpm

    nss-pkcs11-devel-3.19.1-2.el5_11.i386.rpm



- Scientific Linux Development Team