Description
ELSA-2019-4190: nss, nss-softokn, nss-util security update (IMPORTANT)
nss [3.44.0-7]
- Increase timeout on ssl_gtest so that slow platforms can complete when running on a busy system.
[3.44.0-6]
- back out out-of-bounds patch (patch for nss-softokn).
- Fix segfault on empty or malformed ecdh keys (#1777712)
[3.44.0-5]
- Fix out-of-bounds write in NSC_EncryptUpdate (#1775910)
nss-softokn [3.44.0-8.0.1]
- Add fips140-2 DSA Known Answer Test fix [Orabug: 26679337]
- Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug: 26617814], [Orabug: 26617879], [Orabug: 26617849]
[3.44.0-8]
- Fix segfault on empty or malformed ecdh keys (#1777712)
[3.44.0-7]
- Fix out-of-bounds write in NSC_EncryptUpdate (#1775911,#1775910)
[3.44.0-6]
- Fix fipstest to use the standard mechanism for TLS 1.2 PRF
nss-util [3.44.0-4]
- Fix segfault on empty or malformed ecdh keys (#1777712)
Updated packages
Oracle Linux 7
Oracle Linux aarch64
nss                       3.44.0-7.el7_7
nss-devel                 3.44.0-7.el7_7
nss-pkcs11-devel          3.44.0-7.el7_7
nss-softokn               3.44.0-8.0.1.el7_7
nss-softokn-devel         3.44.0-8.0.1.el7_7
nss-softokn-freebl        3.44.0-8.0.1.el7_7
nss-softokn-freebl-devel  3.44.0-8.0.1.el7_7
nss-sysinit               3.44.0-7.el7_7
nss-tools                 3.44.0-7.el7_7
nss-util                  3.44.0-4.el7_7
nss-util-devel            3.44.0-4.el7_7
Oracle Linux x86_64
nss                       3.44.0-7.el7_7
nss-devel                 3.44.0-7.el7_7
nss-pkcs11-devel          3.44.0-7.el7_7
nss-softokn               3.44.0-8.0.1.el7_7
nss-softokn-devel         3.44.0-8.0.1.el7_7
nss-softokn-freebl        3.44.0-8.0.1.el7_7
nss-softokn-freebl-devel  3.44.0-8.0.1.el7_7
nss-sysinit               3.44.0-7.el7_7
nss-tools                 3.44.0-7.el7_7
nss-util                  3.44.0-4.el7_7
nss-util-devel            3.44.0-4.el7_7
Related CVEs
Related vulnerabilities
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.