Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2015:1664 - Security Advisory
Issued:
2015-08-24
Updated:
2015-08-24

RHSA-2015:1664 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: nss security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated nss packages that fix two security issues, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server
applications.

It was found that NSS permitted skipping of the ServerKeyExchange packet
during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key
Exchange). A remote attacker could use this flaw to bypass the
forward-secrecy of a TLS/SSL connection. (CVE-2015-2721)

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve
Digital Signature Algorithm) signatures. Under certain conditions, an
attacker could use this flaw to conduct signature forgery attacks.
(CVE-2015-2730)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Karthikeyan Bhargavan as the original reporter of
CVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730.

The nss packages have been upgraded to upstream version 3.19.1, which
provides a number of bug fixes and enhancements over the previous version.

All nss users are advised to upgrade to these updated packages, which
correct these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 1236954 - CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
  • BZ - 1236967 - CVE-2015-2721 NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)

CVEs

  • CVE-2015-2721
  • CVE-2015-2730

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://www.mozilla.org/security/announce/2015/mfsa2015-64.html
  • https://www.mozilla.org/security/announce/2015/mfsa2015-71.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
nss-3.19.1-1.el5_11.src.rpm SHA-256: 087a2562d464d8714143a2de7091d2fce55865af8faa26385144608b68ca5387
x86_64
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-3.19.1-1.el5_11.x86_64.rpm SHA-256: b44fc83caa47a77f51e5eac55187e01d9bf3cb175b453f647efc4c3bff3dced0
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-debuginfo-3.19.1-1.el5_11.x86_64.rpm SHA-256: e9f7514fa54ebca47005ef9a3fa84771e6ee28be21411d6b291097bbab1d7dc7
nss-devel-3.19.1-1.el5_11.i386.rpm SHA-256: c6512ce29107af71f9445ad8767b8a621efb1fd23aedba8360a738e6069d880f
nss-devel-3.19.1-1.el5_11.x86_64.rpm SHA-256: 8c5b98cfd48497fb8a22d384ac7882d645176c489915f8e6c52d1d695448bffa
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm SHA-256: 9057173fb985d2c9293f527176a34e0023a1381050b1618c372eb40f1194afa1
nss-pkcs11-devel-3.19.1-1.el5_11.x86_64.rpm SHA-256: cdf9daf7e4a5d6931532aa5723b04b3b147dd523a1885971781f289b5068eef1
nss-tools-3.19.1-1.el5_11.x86_64.rpm SHA-256: 84160f7ea637fed75205a6fd4250615e5794d2ba083d798005b1256d8c0f2f77
ia64
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-3.19.1-1.el5_11.ia64.rpm SHA-256: 28b63e6262f50d667270e01fe1edc897ec1df39362c3bcf78114c5abb780c8e5
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-debuginfo-3.19.1-1.el5_11.ia64.rpm SHA-256: d02e1a3cdee46e3f03c65ad8636f430edc9758c426e1b673ace3fa01bc9e69c9
nss-devel-3.19.1-1.el5_11.ia64.rpm SHA-256: f277415f31136f46a59275f985e048ba200bb74887648aaacab28ab7873e3051
nss-pkcs11-devel-3.19.1-1.el5_11.ia64.rpm SHA-256: 2ea62aecaebc2ede8ffa22a4714ee7f4addd7e80d86f1d970480aa6ac83357b7
nss-tools-3.19.1-1.el5_11.ia64.rpm SHA-256: be66a9dfa3801a1c8978ea0b356d9ac45c3698662ca39667c20195dfe67ed285
i386
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-devel-3.19.1-1.el5_11.i386.rpm SHA-256: c6512ce29107af71f9445ad8767b8a621efb1fd23aedba8360a738e6069d880f
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm SHA-256: 9057173fb985d2c9293f527176a34e0023a1381050b1618c372eb40f1194afa1
nss-tools-3.19.1-1.el5_11.i386.rpm SHA-256: dbfd09bf3ccce0411e60125f070dc9520966254018b92a471be97f788d920520

Red Hat Enterprise Linux Workstation 5

SRPM
nss-3.19.1-1.el5_11.src.rpm SHA-256: 087a2562d464d8714143a2de7091d2fce55865af8faa26385144608b68ca5387
x86_64
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-3.19.1-1.el5_11.x86_64.rpm SHA-256: b44fc83caa47a77f51e5eac55187e01d9bf3cb175b453f647efc4c3bff3dced0
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-debuginfo-3.19.1-1.el5_11.x86_64.rpm SHA-256: e9f7514fa54ebca47005ef9a3fa84771e6ee28be21411d6b291097bbab1d7dc7
nss-debuginfo-3.19.1-1.el5_11.x86_64.rpm SHA-256: e9f7514fa54ebca47005ef9a3fa84771e6ee28be21411d6b291097bbab1d7dc7
nss-devel-3.19.1-1.el5_11.i386.rpm SHA-256: c6512ce29107af71f9445ad8767b8a621efb1fd23aedba8360a738e6069d880f
nss-devel-3.19.1-1.el5_11.x86_64.rpm SHA-256: 8c5b98cfd48497fb8a22d384ac7882d645176c489915f8e6c52d1d695448bffa
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm SHA-256: 9057173fb985d2c9293f527176a34e0023a1381050b1618c372eb40f1194afa1
nss-pkcs11-devel-3.19.1-1.el5_11.x86_64.rpm SHA-256: cdf9daf7e4a5d6931532aa5723b04b3b147dd523a1885971781f289b5068eef1
nss-tools-3.19.1-1.el5_11.x86_64.rpm SHA-256: 84160f7ea637fed75205a6fd4250615e5794d2ba083d798005b1256d8c0f2f77
i386
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-devel-3.19.1-1.el5_11.i386.rpm SHA-256: c6512ce29107af71f9445ad8767b8a621efb1fd23aedba8360a738e6069d880f
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm SHA-256: 9057173fb985d2c9293f527176a34e0023a1381050b1618c372eb40f1194afa1
nss-tools-3.19.1-1.el5_11.i386.rpm SHA-256: dbfd09bf3ccce0411e60125f070dc9520966254018b92a471be97f788d920520

Red Hat Enterprise Linux Desktop 5

SRPM
nss-3.19.1-1.el5_11.src.rpm SHA-256: 087a2562d464d8714143a2de7091d2fce55865af8faa26385144608b68ca5387
x86_64
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-3.19.1-1.el5_11.x86_64.rpm SHA-256: b44fc83caa47a77f51e5eac55187e01d9bf3cb175b453f647efc4c3bff3dced0
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-debuginfo-3.19.1-1.el5_11.x86_64.rpm SHA-256: e9f7514fa54ebca47005ef9a3fa84771e6ee28be21411d6b291097bbab1d7dc7
nss-tools-3.19.1-1.el5_11.x86_64.rpm SHA-256: 84160f7ea637fed75205a6fd4250615e5794d2ba083d798005b1256d8c0f2f77
i386
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-tools-3.19.1-1.el5_11.i386.rpm SHA-256: dbfd09bf3ccce0411e60125f070dc9520966254018b92a471be97f788d920520

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
nss-3.19.1-1.el5_11.src.rpm SHA-256: 087a2562d464d8714143a2de7091d2fce55865af8faa26385144608b68ca5387
s390x
nss-3.19.1-1.el5_11.s390.rpm SHA-256: 12e4e49a54396cdd993cfe9f7d143c4c3820e4efbb2b0c46f2f7fb6367ad14ba
nss-3.19.1-1.el5_11.s390x.rpm SHA-256: 01c975a3d29490ffa7d919aa285587f3c6a08368b0fbf745dd0e11129c0cb0bc
nss-debuginfo-3.19.1-1.el5_11.s390.rpm SHA-256: 1f55bc36bbf01005f6f840f33ebe98055b1493deb51966fd9b116e038acd9bd8
nss-debuginfo-3.19.1-1.el5_11.s390x.rpm SHA-256: 5010351960e0f0bbee5913853095308c73fbc333cd2a7b53827edaf537a4c342
nss-devel-3.19.1-1.el5_11.s390.rpm SHA-256: e8e7c9965d3cb666d8d7c0ac172ae62f652f346064a16c1ff0aee47b580a87f7
nss-devel-3.19.1-1.el5_11.s390x.rpm SHA-256: 2136eb159a7a42a3c7fbe72d1a5c1db3d5c6df624b17066e348ebcbb900bb870
nss-pkcs11-devel-3.19.1-1.el5_11.s390.rpm SHA-256: c60e02b769e0da9c5eb00c4fe649aa8b7daee13d6fd17e8f20a6e1433f3791dd
nss-pkcs11-devel-3.19.1-1.el5_11.s390x.rpm SHA-256: 123446db8271d5098ee92ba416b1d2b9d045ea9d6af69eac17a06650ce7c135f
nss-tools-3.19.1-1.el5_11.s390x.rpm SHA-256: 41df7a3d304a6850c68c7a1fa1ff58f8a32144187313b0c411cd5801ed6e5746

Red Hat Enterprise Linux for Power, big endian 5

SRPM
nss-3.19.1-1.el5_11.src.rpm SHA-256: 087a2562d464d8714143a2de7091d2fce55865af8faa26385144608b68ca5387
ppc
nss-3.19.1-1.el5_11.ppc.rpm SHA-256: b7f85cf1985292fa96b20bc53b5ea86313584c63861e4310bdd1b39946f9719e
nss-3.19.1-1.el5_11.ppc64.rpm SHA-256: 393e68139c8867f54c22959e3322dbf4fb7fa66851d7c595a8c4296dbd3c1b89
nss-debuginfo-3.19.1-1.el5_11.ppc.rpm SHA-256: 4608cf85bd86c7760e3eeddaa93551df6c8ae622954a7e107bd1a3d9b6d29908
nss-debuginfo-3.19.1-1.el5_11.ppc64.rpm SHA-256: 3b21818e635de1518b3b1ddf18648308faf6bdae525b504bd6c0bda8b1f46a12
nss-devel-3.19.1-1.el5_11.ppc.rpm SHA-256: e8b1b3f41115e3ba4e128bdd9a375bb508d87cbed5218c97b3bce8d87dab5bc0
nss-devel-3.19.1-1.el5_11.ppc64.rpm SHA-256: 11dce892a5aab9a6b3830dfdf29bac68cebd54fb2e0fb4fb9d45649d962b2951
nss-pkcs11-devel-3.19.1-1.el5_11.ppc.rpm SHA-256: 79b2439645325c8a2c0a8cb2ce2dc9e28ea658f3ac8d85012f6cd6e59af2481e
nss-pkcs11-devel-3.19.1-1.el5_11.ppc64.rpm SHA-256: a4dacd055e5cea8c2d234ff53596b00f13b9433b76d6ef57a588816979f8313f
nss-tools-3.19.1-1.el5_11.ppc.rpm SHA-256: 6729832ff4750b56e7697eeadb315e30d5aecaef7e1fd42ce78fe0a0791b5817

Red Hat Enterprise Linux Server from RHUI 5

SRPM
nss-3.19.1-1.el5_11.src.rpm SHA-256: 087a2562d464d8714143a2de7091d2fce55865af8faa26385144608b68ca5387
x86_64
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-3.19.1-1.el5_11.x86_64.rpm SHA-256: b44fc83caa47a77f51e5eac55187e01d9bf3cb175b453f647efc4c3bff3dced0
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-debuginfo-3.19.1-1.el5_11.x86_64.rpm SHA-256: e9f7514fa54ebca47005ef9a3fa84771e6ee28be21411d6b291097bbab1d7dc7
nss-devel-3.19.1-1.el5_11.i386.rpm SHA-256: c6512ce29107af71f9445ad8767b8a621efb1fd23aedba8360a738e6069d880f
nss-devel-3.19.1-1.el5_11.x86_64.rpm SHA-256: 8c5b98cfd48497fb8a22d384ac7882d645176c489915f8e6c52d1d695448bffa
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm SHA-256: 9057173fb985d2c9293f527176a34e0023a1381050b1618c372eb40f1194afa1
nss-pkcs11-devel-3.19.1-1.el5_11.x86_64.rpm SHA-256: cdf9daf7e4a5d6931532aa5723b04b3b147dd523a1885971781f289b5068eef1
nss-tools-3.19.1-1.el5_11.x86_64.rpm SHA-256: 84160f7ea637fed75205a6fd4250615e5794d2ba083d798005b1256d8c0f2f77
i386
nss-3.19.1-1.el5_11.i386.rpm SHA-256: cef7032028e9e3b296195d31f80407691fe92b4a0d1e446f3041168ef30c2f74
nss-debuginfo-3.19.1-1.el5_11.i386.rpm SHA-256: 44b6bb32017ba12b42e22fcacc2a08c48d181c6808e7f386c9d1d51b7ee6e01c
nss-devel-3.19.1-1.el5_11.i386.rpm SHA-256: c6512ce29107af71f9445ad8767b8a621efb1fd23aedba8360a738e6069d880f
nss-pkcs11-devel-3.19.1-1.el5_11.i386.rpm SHA-256: 9057173fb985d2c9293f527176a34e0023a1381050b1618c372eb40f1194afa1
nss-tools-3.19.1-1.el5_11.i386.rpm SHA-256: dbfd09bf3ccce0411e60125f070dc9520966254018b92a471be97f788d920520

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility