Bug 1315565 (CVE-2016-1978)

Summary: CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: security-response-team, slawomir
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
A use-after-free flaw was found in the way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:49:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1316003, 1323648, 1323649, 1323650, 1323651, 1323652    
Bug Blocks: 1310521    

Description Huzaifa S. Sidhpurwala 2016-03-08 05:44:23 UTC 
Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability. 

External Reference:

https://www.mozilla.org/security/announce/2016/mfsa2016-15.html
Comment 1 Huzaifa S. Sidhpurwala 2016-03-08 05:44:33 UTC 
Acknowledgments:

Name: the Mozilla project
Upstream: Eric Rescorla
Comment 2 Huzaifa S. Sidhpurwala 2016-03-09 08:43:44 UTC 
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1316003]
Comment 4 errata-xmlrpc 2016-04-05 11:20:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0591 https://rhn.redhat.com/errata/RHSA-2016-0591.html
Comment 5 errata-xmlrpc 2016-04-25 11:58:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0685 https://rhn.redhat.com/errata/RHSA-2016-0685.html
Comment 6 errata-xmlrpc 2016-04-25 12:15:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2016:0684 https://rhn.redhat.com/errata/RHSA-2016-0684.html