SUSE-SU-2021:14858-1

Published: 06 Dec 2021
Source: suse-cvrf

Description

Security update for mozilla-nss

This update for mozilla-nss fixes the following issues:

Update to version 3.68.1:

  • CVE-2021-43527: Fixed a heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).

Package list

SUSE Linux Enterprise Point of Sale 11 SP3:

  • libfreebl3-3.68.1-47.19.1
  • libsoftokn3-3.68.1-47.19.1
  • mozilla-nss-3.68.1-47.19.1
  • mozilla-nss-certs-3.68.1-47.19.1
  • mozilla-nss-tools-3.68.1-47.19.1

SUSE Linux Enterprise Server 11 SP4-LTSS:

  • libfreebl3-3.68.1-47.19.1
  • libfreebl3-32bit-3.68.1-47.19.1
  • libsoftokn3-3.68.1-47.19.1
  • libsoftokn3-32bit-3.68.1-47.19.1
  • mozilla-nss-3.68.1-47.19.1
  • mozilla-nss-32bit-3.68.1-47.19.1
  • mozilla-nss-certs-3.68.1-47.19.1
  • mozilla-nss-certs-32bit-3.68.1-47.19.1
  • mozilla-nss-devel-3.68.1-47.19.1
  • mozilla-nss-tools-3.68.1-47.19.1

Description

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:libfreebl3-3.68.1-47.19.1
SUSE Linux Enterprise Point of Sale 11 SP3:libsoftokn3-3.68.1-47.19.1
SUSE Linux Enterprise Point of Sale 11 SP3:mozilla-nss-3.68.1-47.19.1
SUSE Linux Enterprise Point of Sale 11 SP3:mozilla-nss-certs-3.68.1-47.19.1

References