Oval Definition:	oval:org.mitre.oval:def:24119
Revision Date: 2014-05-26 Version: 22 Title: ELSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate) Description: The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2013-0791 CVE-2013-1620 ELSA-2013:1144-00 Platform(s): Oracle Linux 6 Product(s): nspr nss nss-softokn nss-util Definition Synopsis Oracle Linux 6.x AND rpm test nspr is earlier than 0:4.9.5-2.el6_4 OR nspr-devel is earlier than 0:4.9.5-2.el6_4 OR nss-softokn-freebl is earlier than 0:3.14.3-3.el6_4 OR nss-softokn-freebl-devel is earlier than 0:3.14.3-3.el6_4 OR nss-softokn-devel is earlier than 0:3.14.3-3.el6_4 OR nss-softokn is earlier than 0:3.14.3-3.el6_4 OR nss-pkcs11-devel is earlier than 0:3.14.3-4.el6_4 OR nss-tools is earlier than 0:3.14.3-4.el6_4 OR nss-devel is earlier than 0:3.14.3-4.el6_4 OR nss is earlier than 0:3.14.3-4.el6_4 OR nss-sysinit is earlier than 0:3.14.3-4.el6_4 OR nss-util-devel is earlier than 0:3.14.3-3.el6_4 OR nss-util is earlier than 0:3.14.3-3.el6_4
BACK