CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 95.1%
CentOS Errata and Security Advisory CESA-2014:0916
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application. (CVE-2014-1544)

Red Hat would like to thank the Mozilla project for reporting
CVE-2014-1544. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber
as the original reporters.

Users of NSS and NSPR are advised to upgrade to these updated packages,
which correct this issue. After installing this update, applications using
NSS or NSPR must be restarted for this update to take effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-July/082589.html
https://lists.centos.org/pipermail/centos-announce/2014-July/082590.html
https://lists.centos.org/pipermail/centos-announce/2014-July/082594.html
Affected packages:
nspr
nspr-devel
nss
nss-devel
nss-pkcs11-devel
nss-sysinit
nss-tools
Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0916
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | nspr | < 4.10.6-1.el5_10 | nspr-4.10.6-1.el5_10.i386.rpm |
CentOS | 5 | i386 | nspr-devel | < 4.10.6-1.el5_10 | nspr-devel-4.10.6-1.el5_10.i386.rpm |
CentOS | 5 | x86_64 | nspr | < 4.10.6-1.el5_10 | nspr-4.10.6-1.el5_10.x86_64.rpm |
CentOS | 5 | x86_64 | nspr-devel | < 4.10.6-1.el5_10 | nspr-devel-4.10.6-1.el5_10.x86_64.rpm |
CentOS | 5 | i386 | nss | < 3.15.3-7.el5_10 | nss-3.15.3-7.el5_10.i386.rpm |
CentOS | 5 | i386 | nss-devel | < 3.15.3-7.el5_10 | nss-devel-3.15.3-7.el5_10.i386.rpm |
CentOS | 5 | i386 | nss-pkcs11-devel | < 3.15.3-7.el5_10 | nss-pkcs11-devel-3.15.3-7.el5_10.i386.rpm |
CentOS | 5 | i386 | nss-tools | < 3.15.3-7.el5_10 | nss-tools-3.15.3-7.el5_10.i386.rpm |