[amres-info] Ranjivost NSS biblioteka (CVE-2014-1568,VU#772676)
Miloš Kukoleča
milos.kukoleca at amres.ac.rs
Fri Sep 26 12:01:25 CEST 2014
Poštovane koleginice i kolege,
Pojavila se nova ranjivost u Mozilla Network Security Services (NSS)
bibliotekama. Ove biblioteke se često koriste u raznim Linux distribucijama.
Problem može nastati jer ove biblioteke ne uspevaju da verifikuju RSA
potpise zbog nepravilnog parsiranja DigestInfo polja u okviru PKCS#1
standarda. Ovo može dovesti do falsifikovanja SSL sertifikata.
Molimo vas da proverite vaše Linux servere i ažurirate NSS bibliotečki paket
budući da su sve distribucije izdale najnoviju zakrpu. U nastavku vas
upućujemo na odgovarajuće linkove za posebne distribucije.
RedHat operativni sistem:
https://rhn.redhat.com/errata/RHSA-2014-1307.html
Debian operativni sistem:
https://www.debian.org/security/2014/dsa-3033
Ubuntu operativni sistem:
http://www.ubuntu.com/usn/usn-2361-1/
Srdačan pozdrav,
AMRES CSIRT tim
Description: bplogo
Akademska mreža Republike Srbije
Bulevar Kralja Aleksandra 90, 11000 Beograd, Srbija
Tel: +381 11 7158 942
Fax: +381 11 3370 288
Email csirt at amres.ac.rs
Internet: <http://www.amres.ac.rs/> http://www.amres.ac.rs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://afrodita.rcub.bg.ac.rs/pipermail/amres-info/attachments/20140926/913f5897/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 3571 bytes
Desc: not available
Url : http://afrodita.rcub.bg.ac.rs/pipermail/amres-info/attachments/20140926/913f5897/attachment.gif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5603 bytes
Desc: not available
Url : http://afrodita.rcub.bg.ac.rs/pipermail/amres-info/attachments/20140926/913f5897/attachment.bin
More information about the amres-info
mailing list