IBM Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in nss, nss-util, and nspr (CVE-2016-1978, CVE-2016-1979)
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the NSS libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. IBM Security Access Manager for Web uses NSS and is affected by two use-after-free flaws identified in the NSS libraries.
CVE(s): CVE-2016-1978, CVE-2016-1979
Affected product(s) and affected version(s):
IBM Security Access Manager for Web 7.0 appliances
IBM Security Access Manager for Web 8.0, all firmware versions
IBM Security Access Manager 9.0, all firmware versions
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29OEygp
X-Force Database: http://ift.tt/1TuzxZZ
X-Force Database: http://ift.tt/20vxDHr
From: IBM Product Security Incident Response Team http://ift.tt/29OI7Ps