Description: | Network Security Services (NSS) is a set of libraries designed to supportthe cross-platform development of security-enabled client and serverapplications. Netscape Portable Runtime (NSPR) provides platformindependence for non-GUI operating system facilities.A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One)input from certain RSA signatures. A remote attacker could use this flaw toforge RSA certificates by providing a specially crafted signature to anapplication using NSS. (CVE-2014-1568)Red Hat would like to thank the Mozilla project for reporting this issue.Upstream acknowledges Antoine Delignat-Lavaud and Intel Product SecurityIncident Response Team as the original reporters.All NSS users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing thisupdate, applications using NSS must be restarted for this update totake effect. |