Bug 827833 (CVE-2012-0441)

Summary: CVE-2012-0441 nss: NSS parsing errors with zero length items
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: amarecek, emaldona, nparmar, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-18 07:26:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 830304, 833480, 834491, 834492, 834493, 835017    
Bug Blocks: 827834    

Description Huzaifa S. Sidhpurwala 2012-06-03 08:48:28 UTC 
Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should been rejected as malformed.

Reference:
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html
Comment 2 Elio Maldonado Batiz 2012-06-19 01:06:44 UTC 
From https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2012-0441 this was addressed on nss-3.13.4.
Comment 4 Huzaifa S. Sidhpurwala 2012-06-22 05:11:03 UTC 
This issue does not affect the version of nss as shipped with Fedora 16 and 17, since its already updated to 3.13.4
Comment 7 errata-xmlrpc 2012-07-17 18:17:53 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1091 https://rhn.redhat.com/errata/RHSA-2012-1091.html
Comment 8 errata-xmlrpc 2012-07-17 18:18:45 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:1090 https://rhn.redhat.com/errata/RHSA-2012-1090.html