Oval Definition:	oval:org.mitre.oval:def:21084
Revision Date: 2014-02-17 Version: 38 Title: RHSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate) Description: The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. Family: unix Class: patch Status: ACCEPTED Reference(s): CESA-2013:1135 CVE-2013-0791 CVE-2013-1620 RHSA-2013:1135-00 Platform(s): CentOS Linux 5 Red Hat Enterprise Linux 5 Product(s): nspr nss Definition Synopsis Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x AND Packages section nspr is earlier than 0:4.9.5-1.el5_9 OR nspr-devel is earlier than 0:4.9.5-1.el5_9 OR nss-pkcs11-devel is earlier than 0:3.14.3-6.el5_9 OR nss-tools is earlier than 0:3.14.3-6.el5_9 OR nss-devel is earlier than 0:3.14.3-6.el5_9 OR nss is earlier than 0:3.14.3-6.el5_9
BACK