The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mod_nss | Mod_nss_project | * | 1.0.11 (including) |
| Libapache2-mod-nss | Ubuntu | artful | * |
| Libapache2-mod-nss | Ubuntu | precise | * |
| Libapache2-mod-nss | Ubuntu | upstream | * |
| Libapache2-mod-nss | Ubuntu | vivid | * |
| Libapache2-mod-nss | Ubuntu | wily | * |
| Libapache2-mod-nss | Ubuntu | yakkety | * |
| Libapache2-mod-nss | Ubuntu | zesty | * |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175248.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176026.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1259216
- https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175248.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176026.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1259216
- https://pagure.io/mod_nss/c/34e1ccecb4a7d5054dba2f92b403af9b6ae1e110