A new paper by the PROSECCO/INRIA research team published at Real World Crypto uncovered various issues with weak hash functions. One of them is a client impersonation attack enabled by the fact that nss will accept RSA-MD5 signatures for client authentication. nss 3.21 fixes this. nss 3.21 is already in the tree, but not yet stabilized. The Mozilla upstream bug report is still private: https://bugzilla.mozilla.org/show_bug.cgi?id=1158489 We should stabilize nss 3.21.
According to what [1] reads right now, these Gentoo packages are also affected:
net-libs/mbedtls-2.1.3
net-libs/polarssl (all versions)
dev-java/oracle-jdk-bin:1.8
dev-java/oracle-jre-bin:1.8
Should those be dedicated bug reports or should this very ticket handle them all?
[1] http://www.mitls.org/pages/attacks/SLOTH#disclosure
(In reply to Sebastian Pipping from comment #1)
> Should those be dedicated bug reports or should this very ticket handle them all?
The cleanest by far is dedicated bug reports and blocking a tracker bug for the overall issue.
I got the OK from vapier that the changes he made to nss-3.21-r2 should be good to go for stabilization, let's do it: Arches, please stabilize =dev-libs/nss-3.21-r2
Stable for HPPA.
3.21 fixes another vuln (found by me actually), I'll just add the CVE to the description here.
Stable on alpha.
Stable for PPC64.
amd64 stable
x86 stable
arm stable
*** Bug 571518 has been marked as a duplicate of this bug. ***
ppc stable
sparc stable
ia64 stable. Maintainer(s), please clean up. Security, please add it to the existing request, or file a new one.
3.20 is still in the tree... @maintainer(s), can you please clean this?
This issue was resolved and addressed in GLSA 201701-46 at https://security.gentoo.org/glsa/201701-46 by GLSA coordinator Thomas Deutschmann (whissi).