ELSA-2019-4114

Опубликовано: 09 дек. 2019

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2019-4114: nss security update (IMPORTANT)

[3.44.0-9]

Fix out-of-bounds write in NSC_EncryptUpdate (#1775912)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

nss

3.44.0-9.el8_1

nss-devel

3.44.0-9.el8_1

nss-softokn

3.44.0-9.el8_1

nss-softokn-devel

3.44.0-9.el8_1

nss-softokn-freebl

3.44.0-9.el8_1

nss-softokn-freebl-devel

3.44.0-9.el8_1

nss-sysinit

3.44.0-9.el8_1

nss-tools

3.44.0-9.el8_1

nss-util

3.44.0-9.el8_1

nss-util-devel

3.44.0-9.el8_1

Oracle Linux x86_64

nss

3.44.0-9.el8_1

nss-devel

3.44.0-9.el8_1

nss-softokn

3.44.0-9.el8_1

nss-softokn-devel

3.44.0-9.el8_1

nss-softokn-freebl

3.44.0-9.el8_1

nss-softokn-freebl-devel

3.44.0-9.el8_1

nss-sysinit

3.44.0-9.el8_1

nss-tools

3.44.0-9.el8_1

nss-util

3.44.0-9.el8_1

nss-util-devel

3.44.0-9.el8_1

Связанные CVE

CVE-2019-11745

Ссылки на источники

Связанные уязвимости

CVE-2019-11745

CVSS3: 8.8

ubuntu

почти 6 лет назад

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.