Oval Definition: oval:com.redhat.rhsa:def:20151185
Revision Date: 2015-06-25
Version: 643
Title: RHSA-2015:1185: nss security update (Moderate)
Description: Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.

  • A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512-bit export-grade keys during the key exchange, allowing them to decrypt all traffic. (CVE-2015-4000)

    Note: This update forces the TLS/SSL client implementation in NSS to reject DH key sizes below 768 bits, which prevents sessions from being downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.

    The nss and nss-util packages have been upgraded to upstream versions 3.19.1. The upgraded versions provide a number of bug fixes and enhancements over the previous versions.

    Users of nss and nss-util are advised to upgrade to these updated packages, which fix these security flaws and bugs and add these enhancements.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2015-2721
    CVE-2015-2730
    CVE-2015-4000
    RHSA-2015:1185
    RHSA-2015:1185-01
    RHSA-2015:1185-03
    Platform(s): Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • nss-util is earlier than 0:3.19.1-1.el6_6
  • AND nss-util is signed with Red Hat redhatrelease2 key
  • nss-util-devel is earlier than 0:3.19.1-1.el6_6
  • AND nss-util-devel is signed with Red Hat redhatrelease2 key
  • nss is earlier than 0:3.19.1-3.el6_6
  • AND nss is signed with Red Hat redhatrelease2 key
  • nss-devel is earlier than 0:3.19.1-3.el6_6
  • AND nss-devel is signed with Red Hat redhatrelease2 key
  • nss-pkcs11-devel is earlier than 0:3.19.1-3.el6_6
  • AND nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
  • nss-sysinit is earlier than 0:3.19.1-3.el6_6
  • AND nss-sysinit is signed with Red Hat redhatrelease2 key
  • nss-tools is earlier than 0:3.19.1-3.el6_6
  • AND nss-tools is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • nss-util is earlier than 0:3.19.1-1.el7_1
  • AND nss-util is signed with Red Hat redhatrelease2 key
  • nss-util-devel is earlier than 0:3.19.1-1.el7_1
  • AND nss-util-devel is signed with Red Hat redhatrelease2 key
  • nss is earlier than 0:3.19.1-3.el7_1
  • AND nss is signed with Red Hat redhatrelease2 key
  • nss-devel is earlier than 0:3.19.1-3.el7_1
  • AND nss-devel is signed with Red Hat redhatrelease2 key
  • nss-pkcs11-devel is earlier than 0:3.19.1-3.el7_1
  • AND nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
  • nss-sysinit is earlier than 0:3.19.1-3.el7_1
  • AND nss-sysinit is signed with Red Hat redhatrelease2 key
  • nss-tools is earlier than 0:3.19.1-3.el7_1
  • AND nss-tools is signed with Red Hat redhatrelease2 key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • nss-util is earlier than 0:3.19.1-1.el6_6
  • AND nss-util is signed with Red Hat redhatrelease2 key
  • nss-util-devel is earlier than 0:3.19.1-1.el6_6
  • AND nss-util-devel is signed with Red Hat redhatrelease2 key
  • nss is earlier than 0:3.19.1-3.el6_6
  • AND nss is signed with Red Hat redhatrelease2 key
  • nss-devel is earlier than 0:3.19.1-3.el6_6
  • AND nss-devel is signed with Red Hat redhatrelease2 key
  • nss-pkcs11-devel is earlier than 0:3.19.1-3.el6_6
  • AND nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
  • nss-sysinit is earlier than 0:3.19.1-3.el6_6
  • AND nss-sysinit is signed with Red Hat redhatrelease2 key
  • nss-tools is earlier than 0:3.19.1-3.el6_6
  • AND nss-tools is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND
  • nss-util is earlier than 0:3.19.1-1.el7_1
  • AND nss-util is signed with Red Hat redhatrelease2 key
  • nss-util-devel is earlier than 0:3.19.1-1.el7_1
  • AND nss-util-devel is signed with Red Hat redhatrelease2 key
  • nss is earlier than 0:3.19.1-3.el7_1
  • AND nss is signed with Red Hat redhatrelease2 key
  • nss-devel is earlier than 0:3.19.1-3.el7_1
  • AND nss-devel is signed with Red Hat redhatrelease2 key
  • nss-pkcs11-devel is earlier than 0:3.19.1-3.el7_1
  • AND nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
  • nss-sysinit is earlier than 0:3.19.1-3.el7_1
  • AND nss-sysinit is signed with Red Hat redhatrelease2 key
  • nss-tools is earlier than 0:3.19.1-3.el7_1
  • AND nss-tools is signed with Red Hat redhatrelease2 key