Synopsis: Critical: nss and nspr security update Advisory ID: SLSA-2015:1980-1 Issue Date: 2015-11-04 CVE Numbers: CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 -- A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library. (CVE-2015-7181, CVE-2015-7182) A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library. (CVE-2015-7183) -- SL5 x86_64 nspr-4.10.8-2.el5_11.i386.rpm nspr-4.10.8-2.el5_11.x86_64.rpm nspr-debuginfo-4.10.8-2.el5_11.i386.rpm nspr-debuginfo-4.10.8-2.el5_11.x86_64.rpm nss-3.19.1-2.el5_11.i386.rpm nss-3.19.1-2.el5_11.x86_64.rpm nss-debuginfo-3.19.1-2.el5_11.i386.rpm nss-debuginfo-3.19.1-2.el5_11.x86_64.rpm nss-tools-3.19.1-2.el5_11.x86_64.rpm nspr-devel-4.10.8-2.el5_11.i386.rpm nspr-devel-4.10.8-2.el5_11.x86_64.rpm nss-devel-3.19.1-2.el5_11.i386.rpm nss-devel-3.19.1-2.el5_11.x86_64.rpm nss-pkcs11-devel-3.19.1-2.el5_11.i386.rpm nss-pkcs11-devel-3.19.1-2.el5_11.x86_64.rpm i386 nspr-4.10.8-2.el5_11.i386.rpm nspr-debuginfo-4.10.8-2.el5_11.i386.rpm nss-3.19.1-2.el5_11.i386.rpm nss-debuginfo-3.19.1-2.el5_11.i386.rpm nss-tools-3.19.1-2.el5_11.i386.rpm nspr-devel-4.10.8-2.el5_11.i386.rpm nss-devel-3.19.1-2.el5_11.i386.rpm nss-pkcs11-devel-3.19.1-2.el5_11.i386.rpm - Scientific Linux Development Team