Synopsis:          Moderate: nss-softokn security update
Advisory ID:       SLSA-2015:1699-1
Issue Date:        2015-09-01
CVE Numbers:       CVE-2015-2730
--

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve
Digital Signature Algorithm) signatures. Under certain conditions, an
attacker could use this flaw to conduct signature forgery attacks.
(CVE-2015-2730)
--

SL6
  x86_64
    nss-softokn-3.14.3-23.el6_7.i686.rpm
    nss-softokn-3.14.3-23.el6_7.x86_64.rpm
    nss-softokn-debuginfo-3.14.3-23.el6_7.i686.rpm
    nss-softokn-debuginfo-3.14.3-23.el6_7.x86_64.rpm
    nss-softokn-freebl-3.14.3-23.el6_7.i686.rpm
    nss-softokn-freebl-3.14.3-23.el6_7.x86_64.rpm
    nss-softokn-devel-3.14.3-23.el6_7.i686.rpm
    nss-softokn-devel-3.14.3-23.el6_7.x86_64.rpm
    nss-softokn-freebl-devel-3.14.3-23.el6_7.i686.rpm
    nss-softokn-freebl-devel-3.14.3-23.el6_7.x86_64.rpm
  i386
    nss-softokn-3.14.3-23.el6_7.i686.rpm
    nss-softokn-debuginfo-3.14.3-23.el6_7.i686.rpm
    nss-softokn-freebl-3.14.3-23.el6_7.i686.rpm
    nss-softokn-devel-3.14.3-23.el6_7.i686.rpm
    nss-softokn-freebl-devel-3.14.3-23.el6_7.i686.rpm
SL7
  x86_64
    nss-softokn-3.16.2.3-13.el7_1.i686.rpm
    nss-softokn-3.16.2.3-13.el7_1.x86_64.rpm
    nss-softokn-debuginfo-3.16.2.3-13.el7_1.i686.rpm
    nss-softokn-debuginfo-3.16.2.3-13.el7_1.x86_64.rpm
    nss-softokn-freebl-3.16.2.3-13.el7_1.i686.rpm
    nss-softokn-freebl-3.16.2.3-13.el7_1.x86_64.rpm
    nss-softokn-devel-3.16.2.3-13.el7_1.i686.rpm
    nss-softokn-devel-3.16.2.3-13.el7_1.x86_64.rpm
    nss-softokn-freebl-devel-3.16.2.3-13.el7_1.i686.rpm
    nss-softokn-freebl-devel-3.16.2.3-13.el7_1.x86_64.rpm

- Scientific Linux Development Team