Security update for mozilla-nss
Mozilla-nss was updated to 3.28.4 to fix the following issues:
Security issues:
* CVE-2016-9574: Allow use of session tickets when there is no ticket wrapping key (boo#1015499, bmo#1320695)
Non security issues:
* A rare crash when initializing an SSL socket fails has been fixed (bmo#1342358)
* Rare crashes in the base 64 decoder and encoder were fixed (bmo#1344380)
* A carry over bug in the RNG was fixed (bmo#1345089)
* Fixed hash computation (boo#1030071, bmo#1348767)
This update also contains a rebuild of java-1_8_0-openjdk as the java security provider
is very closely tied to the mozilla nss API.
-
Submitted by
Wolfgang Rosenauer (wrosenauer)
Fixed bugs
bnc#1030071
VUL-1: EMBARGOED: mozilla-nss: hash truncation due to use of logical instead of arithmetical or expression
bnc#1015499
VUL-0: CVE-2016-9574: mozilla-nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA
CVE-2016-9574
VUL-0: CVE-2016-9574: mozilla-nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA
