MGASA-2016-0114

Source
https://advisories.mageia.org/MGASA-2016-0114.html
Import Source
https://advisories.mageia.org/MGASA-2016-0114.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2016-0114
Published
2016-03-16T18:07:23Z
Modified
2016-03-16T17:48:48Z
Summary
Updated nss packages fix CVE-2016-1950
Details

Updated rootcerts and nss packages fix a security vulnerability:

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library (CVE-2016-1950).

This issue was supposed to have been fixed in MGASA-2016-0105, but Mozilla did not include the fix until the following nss releases.

Affected packages

Mageia:5 / rootcerts

Package

Name
rootcerts
Purl
pkg:rpm/mageia/rootcerts?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20160225.00-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / nss

Package

Name
nss
Purl
pkg:rpm/mageia/nss?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.23.0-1.mga5

Ecosystem specific

{
    "section": "core"
}