Red Hat Security Advisory 2016-0685-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. Continue reading...
