Bug 630047 (CVE-2010-3170)
Summary: | CVE-2010-3170 firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | caillon, emaldona, kengert, rrelyea, stransky |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2010-11-11 08:16:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |

Description
Jan Lieskovsky
2010-09-03 15:27:36 UTC
This will be fixed in NSS 3.12.8.

Mozilla has assigned CVE-2010-3170 identifier to this issue.

Mozilla upstream bug:
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=578697 (not public yet)

(In reply to comment #2)
> Mozilla upstream bug:
> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=578697 (not public yet)

The bug is referenced in the comment for the following upstream CVS commit:
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=mozilla/security/nss/lib/certdb&command=DIFF_FRAMESET&file=certdb.c&rev1=1.107&rev2=1.108&root=/cvsroot

This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2010:0781 https://rhn.redhat.com/errata/RHSA-2010-0781.html

This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2010:0782 https://rhn.redhat.com/errata/RHSA-2010-0782.html

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0862 https://rhn.redhat.com/errata/RHSA-2010-0862.html