Gentoo Logo

Mozilla Network Security Service: Multiple vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 201406-19 / nss
Release Date June 21, 2014
Latest Revision June 21, 2014: 1
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
dev-libs/nss < 3.15.3 >= 3.15.3 All supported architectures

Related bugreports: #455558, #486114, #491234


Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service.

2.  Impact Information


The Mozilla Network Security Service is a library implementing security features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.


Multiple vulnerabilities have been discovered in the Mozilla Network Security Service. Please review the CVE identifiers referenced below for more details about the vulnerabilities.


A remote attacker can cause a Denial of Service condition.

3.  Resolution Information


There is no known workaround at this time.


All Mozilla Network Security Service users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.15.3"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

4.  References


Page updated June 21, 2014

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.