ALT Linux Team

Branch sisyphus update on 2016-01-09

2016-01-09

ALT-BU-2016-2527-1

Branch sisyphus update bulletin.

ALT-PU-2016-1012-1

Package nss updated to version 3.20.2-alt1 for branch sisyphus in task 155706.

Closed vulnerabilities

Published: 2016-01-19

BDU:2016-00136

Уязвимость программных платформ Jrockit и Java Platform, позволяющая нарушителю получить доступ на чтение данных или модифицировать данные

Severity: MEDIUM (4.0)
References:
Published: 2016-01-09
Modified: 2024-11-21

CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:

ALT-PU-2016-1013-1

Package firefox updated to version 43.0.4-alt1 for branch sisyphus in task 155706.

Closed vulnerabilities

Published: 2016-01-19

BDU:2016-00136

Уязвимость программных платформ Jrockit и Java Platform, позволяющая нарушителю получить доступ на чтение данных или модифицировать данные

Severity: MEDIUM (4.0)
References:
Published: 2016-01-09
Modified: 2024-11-21

CVE-2015-7575

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top