Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-15.html
Acknowledgments: Name: the Mozilla project Upstream: Eric Rescorla
Created nss tracking bugs for this issue: Affects: fedora-all [bug 1316003]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0591 https://rhn.redhat.com/errata/RHSA-2016-0591.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:0685 https://rhn.redhat.com/errata/RHSA-2016-0685.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2016:0684 https://rhn.redhat.com/errata/RHSA-2016-0684.html