nss: code execution

Package(s):

nss

CVE #(s):

CVE-2016-1950

Created:

March 9, 2016

Updated:

April 6, 2016

Description:

From the Red Hat advisory:

A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

Alerts:

Oracle	ELSA-2016-2779	nss and nss-util	2016-11-16
Oracle	ELSA-2016-2779	nss and nss-util	2016-11-16
Debian	DSA-3688-1	nss	2016-10-05
openSUSE	openSUSE-SU-2016:1557-1	firefox, nss	2016-06-11
Gentoo	201605-06	nss	2016-05-31
Debian-LTS	DLA-480-1	nss	2016-05-18
Ubuntu	USN-2934-1	thunderbird	2016-04-27
Ubuntu	USN-2917-3	firefox	2016-04-19
Ubuntu	USN-2917-2	firefox	2016-04-07
Oracle	ELSA-2016-0591	nss, nss-util, and nspr	2016-04-05
SUSE	SUSE-SU-2016:0909-1	firefox, nspr, nss	2016-03-30
Red Hat	RHSA-2016:0495-01	nss-util	2016-03-23
SUSE	SUSE-SU-2016:0820-1	firefox	2016-03-18
Debian	DSA-3520-1	icedove	2016-03-18
Mageia	MGASA-2016-0114	nss	2016-03-16
SUSE	SUSE-SU-2016:0777-1	firefox nspr nss	2016-03-15
SUSE	SUSE-SU-2016:0727-1	firefox, nspr, nss	2016-03-11
openSUSE	openSUSE-SU-2016:0731-1	firefox nss nspr	2016-03-12
openSUSE	openSUSE-SU-2016:0733-1	Firefox	2016-03-12
Ubuntu	USN-2924-1	nss	2016-03-09
Slackware	SSA:2016-069-02	mozilla-nss	2016-03-09
Oracle	ELSA-2016-0370	nss-util	2016-03-09
Mageia	MGASA-2016-0105	firefox	2016-03-09
Debian	DSA-3510-1	iceweasel	2016-03-09
Ubuntu	USN-2917-1	firefox	2016-03-09
Scientific Linux	SLSA-2016:0371-1	nss	2016-03-09
Scientific Linux	SLSA-2016:0370-1	nss-util	2016-03-09
Oracle	ELSA-2016-0370	nss-util	2016-03-08
Oracle	ELSA-2016-0371	nss	2016-03-09
CentOS	CESA-2016:0370	nss-util	2016-03-09
CentOS	CESA-2016:0370	nss-util	2016-03-09
CentOS	CESA-2016:0371	nss	2016-03-09
Red Hat	RHSA-2016:0370-01	nss-util	2016-03-09
Red Hat	RHSA-2016:0371-01	nss	2016-03-09