[3.2] nss: use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (CVE-2015-7181, CVE-2015-7182)
CVE-2015-7181: use-after-poison in sec_asn1d_parse_leaf()
Upstream commits:
http://hg.mozilla.org/projects/nss/rev/8ac7f47eecbb
http://hg.mozilla.org/projects/nss/rev/25cb033147fd
CVE-2015-7182: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings
Upstream commits:
http://hg.mozilla.org/projects/nss/rev/4dc247276e58
http://hg.mozilla.org/projects/nss/rev/534aca7a5bca
http://hg.mozilla.org/projects/nss/rev/b4feb2cb0ed6
These issues were fixed in:
NSS versions 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7181
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7182
Consolidated fix with all above changes as applied to 3.20 branch:
http://hg.mozilla.org/projects/nss/rev/685d45ec4723
http://hg.mozilla.org/projects/nss/rev/f47d00c2732a
(from redmine: issue id 4843, created on 2015-11-11, closed on 2015-12-01)
- Relations:
  - parent #4842 (closed)
- Changesets:
  - Revision 6c1b951f by Natanael Copa on 2015-11-30T14:40:08Z:
    main/nss: security upgrade to 3.19.2.1 (CVE-2015-7181,CVE-2015-7182)
    fixes #4843