[ALAS-2015-608] Amazon Linux AMI 2014.03 - ALAS-2015-608: critical priority package update for nspr nss-util nss jss
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2015-7183:
A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library.
1269353:
CVE-2015-7183 nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)
CVE-2015-7182:
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.
1269351:
CVE-2015-7182 nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)
CVE-2015-7181:
A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.
1269345:
CVE-2015-7181 nss: use-after-poison in sec_asn1d_parse_leaf() (MFSA 2015-133)
- ID
- ALAS-2015-608
- Severity
- critical
- URL
- https://alas.aws.amazon.com/ALAS-2015-608.html
- Published
-
2015-11-05T01:58:00
(9 years ago) - Modified
-
2015-11-04T22:49:00
(9 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2015-7181 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181 | |
CVE | CVE-2015-7182 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182 | |
CVE | CVE-2015-7183 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183 | |
redhat | RHSA-2015:1981 | https://rhn.redhat.com/errata/RHSA-2015:1981.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/amazonlinux/nss?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss | < 3.19.1-7.74.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss?arch=i686&distro=amazonlinux-1 | amazonlinux | nss | < 3.19.1-7.74.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nss-util?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss-util | < 3.19.1-4.47.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss-util?arch=i686&distro=amazonlinux-1 | amazonlinux | nss-util | < 3.19.1-4.47.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nss-util-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss-util-devel | < 3.19.1-4.47.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss-util-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | nss-util-devel | < 3.19.1-4.47.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nss-util-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss-util-debuginfo | < 3.19.1-4.47.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss-util-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | nss-util-debuginfo | < 3.19.1-4.47.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nss-tools?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss-tools | < 3.19.1-7.74.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss-tools?arch=i686&distro=amazonlinux-1 | amazonlinux | nss-tools | < 3.19.1-7.74.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nss-sysinit?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss-sysinit | < 3.19.1-7.74.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss-sysinit?arch=i686&distro=amazonlinux-1 | amazonlinux | nss-sysinit | < 3.19.1-7.74.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nss-pkcs11-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss-pkcs11-devel | < 3.19.1-7.74.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss-pkcs11-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | nss-pkcs11-devel | < 3.19.1-7.74.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nss-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss-devel | < 3.19.1-7.74.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | nss-devel | < 3.19.1-7.74.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nss-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nss-debuginfo | < 3.19.1-7.74.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nss-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | nss-debuginfo | < 3.19.1-7.74.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nspr?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nspr | < 4.10.8-2.35.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nspr?arch=i686&distro=amazonlinux-1 | amazonlinux | nspr | < 4.10.8-2.35.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nspr-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nspr-devel | < 4.10.8-2.35.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nspr-devel?arch=i686&distro=amazonlinux-1 | amazonlinux | nspr-devel | < 4.10.8-2.35.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/nspr-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | nspr-debuginfo | < 4.10.8-2.35.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/nspr-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | nspr-debuginfo | < 4.10.8-2.35.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/jss?arch=x86_64&distro=amazonlinux-1 | amazonlinux | jss | < 4.2.6-35.17.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/jss?arch=i686&distro=amazonlinux-1 | amazonlinux | jss | < 4.2.6-35.17.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/jss-javadoc?arch=x86_64&distro=amazonlinux-1 | amazonlinux | jss-javadoc | < 4.2.6-35.17.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/jss-javadoc?arch=i686&distro=amazonlinux-1 | amazonlinux | jss-javadoc | < 4.2.6-35.17.amzn1 | amazonlinux-1 | i686 | |
Affected | pkg:rpm/amazonlinux/jss-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux | jss-debuginfo | < 4.2.6-35.17.amzn1 | amazonlinux-1 | x86_64 | |
Affected | pkg:rpm/amazonlinux/jss-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux | jss-debuginfo | < 4.2.6-35.17.amzn1 | amazonlinux-1 | i686 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |