RHSA-2014:1246Medium
Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
🔗 CVE IDs covered (5)
📋 Description
CVE-2013-1740 — nss: false start PR_Recv information disclosure security issue CVE-2014-1490 — nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12) CVE-2014-1491 — nss: Do not allow p-1 as a public DH value (MFSA 2014-12) CVE-2014-1492 — nss: IDNA hostname matching code does not follow RFC 6125 recommendation (MFSA 2014-45) CVE-2014-1545 — Mozilla: Out of bounds write in NSPR (MFSA 2014-55)
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2014:1246
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1035281
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1053725
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1060953
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1060955
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1079851
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1107432
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1110857
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1110860
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1246.json