Описание
Security update for mozilla-nspr, mozilla-nss
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to NSS 3.47.1:
Security issues fixed:
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
- CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527).
- CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322).
mozilla-nspr was updated to version 4.23:
- Whitespace in C files was cleaned up and no longer uses tab characters for indenting.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0008-1
- SUSE Security Ratings
- SUSE Bug 1141322
- SUSE Bug 1158527
- SUSE Bug 1159819
- SUSE CVE CVE-2018-18508 page
- SUSE CVE CVE-2019-11745 page
- SUSE CVE CVE-2019-17006 page
Описание
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
Затронутые продукты
Ссылки
- CVE-2018-18508
- SUSE Bug 1124571
Описание
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Затронутые продукты
Ссылки
- CVE-2019-11745
- SUSE Bug 1158328
- SUSE Bug 1158527
Описание
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2019-17006
- SUSE Bug 1159819