1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
PublicDateAtUSN: 2014-01-18
Candidate: CVE-2013-1740
PublicDate: 2014-01-18
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes
https://bugzilla.redhat.com/show_bug.cgi?id=1053725
https://bugzilla.mozilla.org/show_bug.cgi?id=919877
https://bugs.gentoo.org/show_bug.cgi?id=498172
http://xforce.iss.net/xforce/xfdb/90394
http://www.ubuntu.com/usn/usn-2088-1
Description:
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network
Security Services (NSS) before 3.15.4, when the TLS False Start feature is
enabled, allows man-in-the-middle attackers to spoof SSL servers by using
an arbitrary X.509 certificate during certain handshake traffic.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Brian Smith
Assigned-to: mdeslaur
Patches_nss:
upstream_nss: released (2:3.15.4-1)
lucid_nss: released (3.15.4-0ubuntu0.10.04.1)
precise_nss: released (3.15.4-0ubuntu0.12.04.1)
quantal_nss: released (3.15.4-0ubuntu0.12.10.1)
raring_nss: ignored (reached end-of-life)
saucy_nss: released (2:3.15.4-0ubuntu0.13.10.1)
devel_nss: released (2:3.15.4-1ubuntu3)
|