Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3352
nss and nspr security, bug fix, and enhancement update
30 September 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: nss and nspr
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Access Privileged Data -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-12403 CVE-2020-12402 CVE-2020-12401
CVE-2020-12400 CVE-2020-6829 CVE-2019-17023
CVE-2019-17006 CVE-2019-11756 CVE-2019-11727
CVE-2019-11719
Reference: ASB-2019.0190
ESB-2020.2956.2
ESB-2020.2278
ESB-2019.2864
ESB-2019.2646
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:4076
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: nss and nspr security, bug fix, and enhancement update
Advisory ID: RHSA-2020:4076-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4076
Issue date: 2020-09-29
CVE Names: CVE-2019-11719 CVE-2019-11727 CVE-2019-11756
CVE-2019-17006 CVE-2019-17023 CVE-2020-6829
CVE-2020-12400 CVE-2020-12401 CVE-2020-12402
CVE-2020-12403
=====================================================================
1. Summary:
An update for nss, nss-softokn, nss-util, and nspr is now available for Red
Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities.
The following packages have been upgraded to a later upstream version: nss
(3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0).
(BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273)
Security Fix(es):
* nss: Out-of-bounds read when importing curve25519 private key
(CVE-2019-11719)
* nss: Use-after-free in sftk_FreeSession due to improper refcounting
(CVE-2019-11756)
* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
* nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)
* nss: P-384 and P-521 implementation uses a side-channel vulnerable
modular inversion function (CVE-2020-12400)
* nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)
* nss: Side channel vulnerabilities during RSA key generation
(CVE-2020-12402)
* nss: CHACHA20-POLY1305 decryption with undersized tag leads to
out-of-bounds read (CVE-2020-12403)
* nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)
* nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid
state (CVE-2019-17023)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958)
* NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and
TLS 1.1 (BZ#1712924)
* Make TLS 1.3 work in FIPS mode (BZ#1724251)
* Name Constraints validation: CN treated as DNS name even when
syntactically invalid as DNS name (BZ#1737910)
* x25519 allowed in FIPS mode (BZ#1754518)
* When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase
but never released - consider alternative algorithm for benchmarking ACCESS
call in sdb_measureAccess (BZ#1779325)
* Running ipa-backup continuously causes httpd to crash and makes it
irrecoverable (BZ#1804015)
* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308)
* KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS or NSPR (for example,
Firefox) must be restarted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1688958 - Memory leak: libcurl leaks 120 bytes on each connection [rhel-7.9.z]
1724251 - Make TLS 1.3 work in FIPS mode [rhel-7.9.z]
1728436 - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key
1730988 - CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3
1737910 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name [rhel-7.9.z]
1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting
1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives
1779325 - when NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess
1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state
1804015 - Running ipa-backup continuously causes httpd to crash and makes it irrecoverable
1826187 - CVE-2020-6829 nss: Side channel attack on ECDSA signature generation
1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation
1851294 - CVE-2020-12401 nss: ECDSA timing attack mitigation bypass
1853983 - CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function
1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
1870885 - KDF-self-tests-induced changes for nss in RHEL 7.9
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
nspr-4.25.0-2.el7_9.src.rpm
nss-3.53.1-3.el7_9.src.rpm
nss-softokn-3.53.1-6.el7_9.src.rpm
nss-util-3.53.1-1.el7_9.src.rpm
x86_64:
nspr-4.25.0-2.el7_9.i686.rpm
nspr-4.25.0-2.el7_9.x86_64.rpm
nspr-debuginfo-4.25.0-2.el7_9.i686.rpm
nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm
nss-3.53.1-3.el7_9.i686.rpm
nss-3.53.1-3.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-3.el7_9.i686.rpm
nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm
nss-softokn-3.53.1-6.el7_9.i686.rpm
nss-softokn-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm
nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm
nss-sysinit-3.53.1-3.el7_9.x86_64.rpm
nss-tools-3.53.1-3.el7_9.x86_64.rpm
nss-util-3.53.1-1.el7_9.i686.rpm
nss-util-3.53.1-1.el7_9.x86_64.rpm
nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm
nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
nspr-debuginfo-4.25.0-2.el7_9.i686.rpm
nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm
nspr-devel-4.25.0-2.el7_9.i686.rpm
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-3.el7_9.i686.rpm
nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm
nss-devel-3.53.1-3.el7_9.i686.rpm
nss-devel-3.53.1-3.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-devel-3.53.1-6.el7_9.i686.rpm
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm
nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm
nss-util-devel-3.53.1-1.el7_9.i686.rpm
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
nspr-4.25.0-2.el7_9.src.rpm
nss-3.53.1-3.el7_9.src.rpm
nss-softokn-3.53.1-6.el7_9.src.rpm
nss-util-3.53.1-1.el7_9.src.rpm
x86_64:
nspr-4.25.0-2.el7_9.i686.rpm
nspr-4.25.0-2.el7_9.x86_64.rpm
nspr-debuginfo-4.25.0-2.el7_9.i686.rpm
nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm
nss-3.53.1-3.el7_9.i686.rpm
nss-3.53.1-3.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-3.el7_9.i686.rpm
nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm
nss-softokn-3.53.1-6.el7_9.i686.rpm
nss-softokn-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm
nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm
nss-sysinit-3.53.1-3.el7_9.x86_64.rpm
nss-tools-3.53.1-3.el7_9.x86_64.rpm
nss-util-3.53.1-1.el7_9.i686.rpm
nss-util-3.53.1-1.el7_9.x86_64.rpm
nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm
nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
nspr-debuginfo-4.25.0-2.el7_9.i686.rpm
nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm
nspr-devel-4.25.0-2.el7_9.i686.rpm
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-3.el7_9.i686.rpm
nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm
nss-devel-3.53.1-3.el7_9.i686.rpm
nss-devel-3.53.1-3.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-devel-3.53.1-6.el7_9.i686.rpm
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm
nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm
nss-util-devel-3.53.1-1.el7_9.i686.rpm
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
nspr-4.25.0-2.el7_9.src.rpm
nss-3.53.1-3.el7_9.src.rpm
nss-softokn-3.53.1-6.el7_9.src.rpm
nss-util-3.53.1-1.el7_9.src.rpm
ppc64:
nspr-4.25.0-2.el7_9.ppc.rpm
nspr-4.25.0-2.el7_9.ppc64.rpm
nspr-debuginfo-4.25.0-2.el7_9.ppc.rpm
nspr-debuginfo-4.25.0-2.el7_9.ppc64.rpm
nspr-devel-4.25.0-2.el7_9.ppc.rpm
nspr-devel-4.25.0-2.el7_9.ppc64.rpm
nss-3.53.1-3.el7_9.ppc.rpm
nss-3.53.1-3.el7_9.ppc64.rpm
nss-debuginfo-3.53.1-3.el7_9.ppc.rpm
nss-debuginfo-3.53.1-3.el7_9.ppc64.rpm
nss-devel-3.53.1-3.el7_9.ppc.rpm
nss-devel-3.53.1-3.el7_9.ppc64.rpm
nss-softokn-3.53.1-6.el7_9.ppc.rpm
nss-softokn-3.53.1-6.el7_9.ppc64.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.ppc.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.ppc64.rpm
nss-softokn-devel-3.53.1-6.el7_9.ppc.rpm
nss-softokn-devel-3.53.1-6.el7_9.ppc64.rpm
nss-softokn-freebl-3.53.1-6.el7_9.ppc.rpm
nss-softokn-freebl-3.53.1-6.el7_9.ppc64.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64.rpm
nss-sysinit-3.53.1-3.el7_9.ppc64.rpm
nss-tools-3.53.1-3.el7_9.ppc64.rpm
nss-util-3.53.1-1.el7_9.ppc.rpm
nss-util-3.53.1-1.el7_9.ppc64.rpm
nss-util-debuginfo-3.53.1-1.el7_9.ppc.rpm
nss-util-debuginfo-3.53.1-1.el7_9.ppc64.rpm
nss-util-devel-3.53.1-1.el7_9.ppc.rpm
nss-util-devel-3.53.1-1.el7_9.ppc64.rpm
ppc64le:
nspr-4.25.0-2.el7_9.ppc64le.rpm
nspr-debuginfo-4.25.0-2.el7_9.ppc64le.rpm
nspr-devel-4.25.0-2.el7_9.ppc64le.rpm
nss-3.53.1-3.el7_9.ppc64le.rpm
nss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm
nss-devel-3.53.1-3.el7_9.ppc64le.rpm
nss-softokn-3.53.1-6.el7_9.ppc64le.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.ppc64le.rpm
nss-softokn-devel-3.53.1-6.el7_9.ppc64le.rpm
nss-softokn-freebl-3.53.1-6.el7_9.ppc64le.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64le.rpm
nss-sysinit-3.53.1-3.el7_9.ppc64le.rpm
nss-tools-3.53.1-3.el7_9.ppc64le.rpm
nss-util-3.53.1-1.el7_9.ppc64le.rpm
nss-util-debuginfo-3.53.1-1.el7_9.ppc64le.rpm
nss-util-devel-3.53.1-1.el7_9.ppc64le.rpm
s390x:
nspr-4.25.0-2.el7_9.s390.rpm
nspr-4.25.0-2.el7_9.s390x.rpm
nspr-debuginfo-4.25.0-2.el7_9.s390.rpm
nspr-debuginfo-4.25.0-2.el7_9.s390x.rpm
nspr-devel-4.25.0-2.el7_9.s390.rpm
nspr-devel-4.25.0-2.el7_9.s390x.rpm
nss-3.53.1-3.el7_9.s390.rpm
nss-3.53.1-3.el7_9.s390x.rpm
nss-debuginfo-3.53.1-3.el7_9.s390.rpm
nss-debuginfo-3.53.1-3.el7_9.s390x.rpm
nss-devel-3.53.1-3.el7_9.s390.rpm
nss-devel-3.53.1-3.el7_9.s390x.rpm
nss-softokn-3.53.1-6.el7_9.s390.rpm
nss-softokn-3.53.1-6.el7_9.s390x.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.s390.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.s390x.rpm
nss-softokn-devel-3.53.1-6.el7_9.s390.rpm
nss-softokn-devel-3.53.1-6.el7_9.s390x.rpm
nss-softokn-freebl-3.53.1-6.el7_9.s390.rpm
nss-softokn-freebl-3.53.1-6.el7_9.s390x.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.s390.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.s390x.rpm
nss-sysinit-3.53.1-3.el7_9.s390x.rpm
nss-tools-3.53.1-3.el7_9.s390x.rpm
nss-util-3.53.1-1.el7_9.s390.rpm
nss-util-3.53.1-1.el7_9.s390x.rpm
nss-util-debuginfo-3.53.1-1.el7_9.s390.rpm
nss-util-debuginfo-3.53.1-1.el7_9.s390x.rpm
nss-util-devel-3.53.1-1.el7_9.s390.rpm
nss-util-devel-3.53.1-1.el7_9.s390x.rpm
x86_64:
nspr-4.25.0-2.el7_9.i686.rpm
nspr-4.25.0-2.el7_9.x86_64.rpm
nspr-debuginfo-4.25.0-2.el7_9.i686.rpm
nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm
nspr-devel-4.25.0-2.el7_9.i686.rpm
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
nss-3.53.1-3.el7_9.i686.rpm
nss-3.53.1-3.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-3.el7_9.i686.rpm
nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm
nss-devel-3.53.1-3.el7_9.i686.rpm
nss-devel-3.53.1-3.el7_9.x86_64.rpm
nss-softokn-3.53.1-6.el7_9.i686.rpm
nss-softokn-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-devel-3.53.1-6.el7_9.i686.rpm
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm
nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
nss-sysinit-3.53.1-3.el7_9.x86_64.rpm
nss-tools-3.53.1-3.el7_9.x86_64.rpm
nss-util-3.53.1-1.el7_9.i686.rpm
nss-util-3.53.1-1.el7_9.x86_64.rpm
nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm
nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm
nss-util-devel-3.53.1-1.el7_9.i686.rpm
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
nss-debuginfo-3.53.1-3.el7_9.ppc.rpm
nss-debuginfo-3.53.1-3.el7_9.ppc64.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.ppc.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.ppc64.rpm
ppc64le:
nss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.ppc64le.rpm
s390x:
nss-debuginfo-3.53.1-3.el7_9.s390.rpm
nss-debuginfo-3.53.1-3.el7_9.s390x.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.s390.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.s390x.rpm
x86_64:
nss-debuginfo-3.53.1-3.el7_9.i686.rpm
nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
nspr-4.25.0-2.el7_9.src.rpm
nss-3.53.1-3.el7_9.src.rpm
nss-softokn-3.53.1-6.el7_9.src.rpm
nss-util-3.53.1-1.el7_9.src.rpm
x86_64:
nspr-4.25.0-2.el7_9.i686.rpm
nspr-4.25.0-2.el7_9.x86_64.rpm
nspr-debuginfo-4.25.0-2.el7_9.i686.rpm
nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm
nspr-devel-4.25.0-2.el7_9.i686.rpm
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
nss-3.53.1-3.el7_9.i686.rpm
nss-3.53.1-3.el7_9.x86_64.rpm
nss-debuginfo-3.53.1-3.el7_9.i686.rpm
nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm
nss-devel-3.53.1-3.el7_9.i686.rpm
nss-devel-3.53.1-3.el7_9.x86_64.rpm
nss-softokn-3.53.1-6.el7_9.i686.rpm
nss-softokn-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm
nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-devel-3.53.1-6.el7_9.i686.rpm
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm
nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
nss-sysinit-3.53.1-3.el7_9.x86_64.rpm
nss-tools-3.53.1-3.el7_9.x86_64.rpm
nss-util-3.53.1-1.el7_9.i686.rpm
nss-util-3.53.1-1.el7_9.x86_64.rpm
nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm
nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm
nss-util-devel-3.53.1-1.el7_9.i686.rpm
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
nss-debuginfo-3.53.1-3.el7_9.i686.rpm
nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11719
https://access.redhat.com/security/cve/CVE-2019-11727
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2019-17023
https://access.redhat.com/security/cve/CVE-2020-6829
https://access.redhat.com/security/cve/CVE-2020-12400
https://access.redhat.com/security/cve/CVE-2020-12401
https://access.redhat.com/security/cve/CVE-2020-12402
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX3Ok2NzjgjWX9erEAQidHRAAn/wr+iQpt5b54IqKwTLgtnBpRshAWWk1
9xIvejwv+oMhbvULKuTeiCKZetFXErAZcyPYwChDt2X5ZoGUxsIUAAx8pphKaScM
7dLXSGqgYNtduYmBAc2XlDIk244sYednkJ12uK6AjIgtY93wPcrk7wR9wbMF6xKL
9YjsfdKso7bN3vIx43idBVvgs2yArnFYhzCu7azIHxnuiDu9QC1KUomAhEjLlFFk
vjsbxL32eb/XFQ6pizoO2Nn3ZREejnAOlTu9U0Hc/u4FxRTns+HcVx6GIA+yNNMO
Hfbq1cKzshd7yowumhvatQNjtddmI8pHpW78KVJPma9t8IuoegXAwsXhti39dmtG
mWcT0k+1ve+f9MIjY0FpZSFZycyUnmRf+bSstBwsoTL0hHe3RLOEYWulJMZGLyyg
yCE36KONSTBo2SoNUMKVlWEIFVvEs9ixq0gzr9tGtGtYra5/GZ0MZntUM2zDwX6N
Kd9i7BrjujmL+x0hdjHxGd8BbIf0DO7xOrKyB6IhRu+8MO2qoQayQ3dzyzJixH4z
HMk5J5qMHcC2PVxLcKyIbKerm00ZY3ZNarxYdRHmJoX7xV2K69PiPv+2+82k8138
3OVEJSsjfckX2/tinighYNX8HsTtLG8+G1THzF5oRqCS9+T6lBsoorpL+X+YqJNQ
eHKv0fAxZzA=
=Zbhx
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX3PaO+NLKJtyKPYoAQgrvQ//TPeCDbRS+r+gc1wHeisrqzLiP1b9uQg1
a8J68Vf72TXY2DP1bHlXibn4kKyRHihZK0VZzTjNSzrLds8zLXSVdxQ9HiyKFnR+
Zawc5stE4Cmsz2wfZXUjRzm2zlb/YXOyMYmguMY4ffhDdA9t+J/vOAevJc0Ha2pR
x/IFWUTrU7NE+bJ+K6N94qH77PGHN7ByrFBYPwz4lFkZGDlbWgyN/DD2el4g4u5X
8C+yzRtG2EfT0Ad8+Umh9d9pwZiNuvuT4G1mpEFnYwM4teT/qT8Mk/Icht0yHX4T
2RpMvoDCnmDg0XbZGQqHFFaCXQOdyO45cTBaXpfTrBkSxABmTqngYXvI5Ax/irfR
8BcPow6snb6gj9gaXBjJPHH97bdHhYlIhGcr2TA8WSKj94a7Z2w4CGyOv/tuCjnA
7uUqIyfRT6p5jjdVdaq4QmGPlZfYDPV2Zq1NbBoWn8Cz4LCTx7wkzePFdAIsN2ZU
z/35j8JHaxDsCaJyHoyI1aMyw+70DgQpV/NXccVSQ79xiui1ZE3u5WE01JBkp6s9
iLMPgcybofhIq+uNcjaVnrxVfNrick2JwAwj2lGjp/im4vsZL7oEQLp9ERn670HQ
lX5NH2KnrPs/V84EeqnbM5q39uoTXg5pLOkNVE0JedzP4tLYM93bG05QvVjPhPAz
5f6OgOZ7biY=
=FamL
-----END PGP SIGNATURE-----