Back to bug 1391818

Who When What Removed Added
Huzaifa S. Sidhpurwala 2016-11-04 06:40:23 UTC CC security-response-team
Huzaifa S. Sidhpurwala 2016-11-04 06:46:50 UTC Blocks 1391819
Kai Engert (:kaie) (inactive account) 2016-11-04 07:56:04 UTC CC dueno, hkario
Adam Mariš 2016-11-04 08:52:01 UTC Summary EMBARGOED nss: small-subgroups attack flaw EMBARGOED CVE-2016-8635 nss: small-subgroups attack flaw
Alias CVE-2016-8635
Huzaifa S. Sidhpurwala 2016-11-14 04:18:42 UTC Doc Text It was found that Diffie Hellman Client key exchange handling in NSS, was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
Huzaifa S. Sidhpurwala 2016-11-14 07:29:54 UTC Blocks 1380228
Huzaifa S. Sidhpurwala 2016-11-14 09:53:11 UTC CC sparks
Flags needinfo?(sparks)
Huzaifa S. Sidhpurwala 2016-11-14 09:59:03 UTC Whiteboard impact=moderate,public=no,reported=20161104,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=new impact=moderate,public=no,reported=20161104,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=notaffected
Eric Christensen 2016-11-14 13:07:59 UTC Doc Text It was found that Diffie Hellman Client key exchange handling in NSS, was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. It was found that Diffie Hellman Client key exchange handling in NSS is vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
Eric Christensen 2016-11-14 13:22:27 UTC CC sparks
Flags needinfo?(sparks)
Tomas Hoger 2016-11-14 21:31:07 UTC Doc Text It was found that Diffie Hellman Client key exchange handling in NSS is vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
Huzaifa S. Sidhpurwala 2016-11-15 04:40:52 UTC CC sparks
Flags needinfo?(sparks)
Eric Christensen 2016-11-15 16:18:50 UTC CC sparks
Flags needinfo?(sparks)
Huzaifa S. Sidhpurwala 2016-11-16 03:22:28 UTC Group security, qe_staff
Summary EMBARGOED CVE-2016-8635 nss: small-subgroups attack flaw CVE-2016-8635 nss: small-subgroups attack flaw
Whiteboard impact=moderate,public=no,reported=20161104,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=notaffected impact=moderate,public=20161116,reported=20161104,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=notaffected
Huzaifa S. Sidhpurwala 2016-11-16 06:12:27 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-11-16 01:12:27 UTC
Slawomir Czarko 2016-11-16 09:15:07 UTC CC slawomir
Yasuhiro Ozone 2016-12-07 02:13:53 UTC CC yozone
Product Security DevOps Team 2019-09-29 13:59:56 UTC Whiteboard impact=moderate,public=20161116,reported=20161104,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=notaffected

Back to bug 1391818