IBM Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in nss, nss-util, and nspr (CVE-2016-1978, CVE-2016-1979)
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. IBM Security Access Manager for Mobile uses NSS and is affected by two use-after-free flaws that have been identified in the NSS libraries.
CVE(s): CVE-2016-1978, CVE-2016-1979
Affected product(s) and affected version(s):
IBM Security Access Manager for Mobile 8.0, all firmware versions
IBM Security Access Manager 9.0, all firmware versions
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29OExZW
X-Force Database: http://ift.tt/1TuzxZZ
X-Force Database: http://ift.tt/20vxDHr
from IBM Product Security Incident Response Team http://ift.tt/29OHeGX