[2.7] nss: use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (CVE-2015-7181, CVE-2015-7182)
CVE-2015-7181: use-after-poison in sec_asn1d_parse_leaf()
Upstream commits:
http://hg.mozilla.org/projects/nss/rev/8ac7f47eecbb
http://hg.mozilla.org/projects/nss/rev/25cb033147fd
CVE-2015-7182: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings
Upstream commits:
http://hg.mozilla.org/projects/nss/rev/4dc247276e58
http://hg.mozilla.org/projects/nss/rev/534aca7a5bca
http://hg.mozilla.org/projects/nss/rev/b4feb2cb0ed6
These issues were fixed in:
NSS versions 3.19.2.1 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7181
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7182
Consolidated fix with all above changes as applied to the 3.20 branch:
http://hg.mozilla.org/projects/nss/rev/685d45ec4723
http://hg.mozilla.org/projects/nss/rev/f47d00c2732a
(from redmine: issue id 4846, created on 2015-11-11, closed on 2015-12-01)
- Relations:
  - parent #4842 (closed)
- Changesets:
  - Revision 957beb35 by Natanael Copa on 2015-11-30T15:31:07Z:
    main/nss: security upgrade to 3.19.2.1
    CVE-2015-2721
    CVE-2015-2730
    CVE-2015-7181
    CVE-2015-7182
    fixes #4721
    fixes #4846