Описание
ELSA-2021-3572: nss and nspr security, bug fix, and enhancement update (MODERATE)
nspr [4.32.0-1]
- Update to NSPR 4.32
[4.31.0-1]
- Update to NSPR 4.31
[4.30.0-1]
- Update to NSPR 4.30
nss [3.67.0-6]
- Fix ssl alert issue
[3.67.0-5]
- Fix issue with reading databases that were updated using unpatched versions of nss
[3.67.0-4]
- Better fix for the sdb timeout. The issue wasn't a race, it was the sqlite timeout waiting to begin a transaction under heavy thread usage.
[3.67.0-3]
- Fix sdb race condition
[3.67.0-2]
- Fix coverity issues
[3.67.0-1]
- Rebase to NSS 3.67
[3.66.0-2]
- Restore old pkcs12 defaults.
[3.66.0-1.1]
- build nss for older nspr so we can pass gating with the new nspr in the build root
[3.66.0-1]
- Rebase to NSS 3.66
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
nspr
4.32.0-1.el8_4
nspr-devel
4.32.0-1.el8_4
nss
3.67.0-6.el8_4
nss-devel
3.67.0-6.el8_4
nss-softokn
3.67.0-6.el8_4
nss-softokn-devel
3.67.0-6.el8_4
nss-softokn-freebl
3.67.0-6.el8_4
nss-softokn-freebl-devel
3.67.0-6.el8_4
nss-sysinit
3.67.0-6.el8_4
nss-tools
3.67.0-6.el8_4
nss-util
3.67.0-6.el8_4
nss-util-devel
3.67.0-6.el8_4
Oracle Linux x86_64
nspr
4.32.0-1.el8_4
nspr-devel
4.32.0-1.el8_4
nss
3.67.0-6.el8_4
nss-devel
3.67.0-6.el8_4
nss-softokn
3.67.0-6.el8_4
nss-softokn-devel
3.67.0-6.el8_4
nss-softokn-freebl
3.67.0-6.el8_4
nss-softokn-freebl-devel
3.67.0-6.el8_4
nss-sysinit
3.67.0-6.el8_4
nss-tools
3.67.0-6.el8_4
nss-util
3.67.0-6.el8_4
nss-util-devel
3.67.0-6.el8_4
Связанные CVE
Связанные уязвимости
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...
Moderate: nss and nspr security, bug fix, and enhancement update