drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in nss-softokn
Name: |
Mehrere Probleme in nss-softokn |
|
ID: |
RHSA-2021:0758-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Mi, 10. März 2021, 07:08 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/cve/CVE-2019-17006 |
|
Applikationen: |
NSS |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: nss-softokn security update Advisory ID: RHSA-2021:0758-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0758 Issue date: 2021-03-09 CVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2020-12403 =====================================================================
1. Summary:
An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64
3. Description:
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.
Security Fix(es):
* nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
* nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: nss-softokn-3.28.3-10.el7_4.src.rpm
x86_64: nss-softokn-3.28.3-10.el7_4.i686.rpm nss-softokn-3.28.3-10.el7_4.x86_64.rpm nss-softokn-debuginfo-3.28.3-10.el7_4.i686.rpm nss-softokn-debuginfo-3.28.3-10.el7_4.x86_64.rpm nss-softokn-devel-3.28.3-10.el7_4.i686.rpm nss-softokn-devel-3.28.3-10.el7_4.x86_64.rpm nss-softokn-freebl-3.28.3-10.el7_4.i686.rpm nss-softokn-freebl-3.28.3-10.el7_4.x86_64.rpm nss-softokn-freebl-devel-3.28.3-10.el7_4.i686.rpm nss-softokn-freebl-devel-3.28.3-10.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source: nss-softokn-3.28.3-10.el7_4.src.rpm
ppc64le: nss-softokn-3.28.3-10.el7_4.ppc64le.rpm nss-softokn-debuginfo-3.28.3-10.el7_4.ppc64le.rpm nss-softokn-devel-3.28.3-10.el7_4.ppc64le.rpm nss-softokn-freebl-3.28.3-10.el7_4.ppc64le.rpm nss-softokn-freebl-devel-3.28.3-10.el7_4.ppc64le.rpm
x86_64: nss-softokn-3.28.3-10.el7_4.i686.rpm nss-softokn-3.28.3-10.el7_4.x86_64.rpm nss-softokn-debuginfo-3.28.3-10.el7_4.i686.rpm nss-softokn-debuginfo-3.28.3-10.el7_4.x86_64.rpm nss-softokn-devel-3.28.3-10.el7_4.i686.rpm nss-softokn-devel-3.28.3-10.el7_4.x86_64.rpm nss-softokn-freebl-3.28.3-10.el7_4.i686.rpm nss-softokn-freebl-3.28.3-10.el7_4.x86_64.rpm nss-softokn-freebl-devel-3.28.3-10.el7_4.i686.rpm nss-softokn-freebl-devel-3.28.3-10.el7_4.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source: nss-softokn-3.28.3-10.el7_4.src.rpm
x86_64: nss-softokn-3.28.3-10.el7_4.i686.rpm nss-softokn-3.28.3-10.el7_4.x86_64.rpm nss-softokn-debuginfo-3.28.3-10.el7_4.i686.rpm nss-softokn-debuginfo-3.28.3-10.el7_4.x86_64.rpm nss-softokn-devel-3.28.3-10.el7_4.i686.rpm nss-softokn-devel-3.28.3-10.el7_4.x86_64.rpm nss-softokn-freebl-3.28.3-10.el7_4.i686.rpm nss-softokn-freebl-3.28.3-10.el7_4.x86_64.rpm nss-softokn-freebl-devel-3.28.3-10.el7_4.i686.rpm nss-softokn-freebl-devel-3.28.3-10.el7_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYEc+RNzjgjWX9erEAQg4mQ/+MCpmmYSEI6SYvndSaGpNdO8n7hGXNjAM VmFgQ8T3HABcaoKX78x2lhSeFZypFdwLDac2fL7pOoxxY9KZKUJqDCZc1Q6UggmQ CWUgRNzngnZhkwGaZw3al+/371NN/dfj7kAkEuQTt/PSH0gdiyAdwYthZ0Ke+EOV wIW+8w1x2NxJFrTWIvBSP+w3HHn0d2dCRJicemPkPd25ptHsDzwer2ySDuRI7HJI OlVt5mop/Yq0xXEWlujB7qUhD3gH4ebwHHIgtce7Ffwi1Y/JBGeV9/V2xMbhCNBk 4jhK3AWRNw9ByI0vH4EfyxAuRlolUGR3T/z2ApemyV6pfrulr2KuWeKzF5AEEe1F 9VPuhZ2L+b1xlU3dkZWBO7KH97/c8FJDH2A6j6Lz+M4OtlDziFAPUkabo83AKSSq kv7K2LRL/rm2+dJbSRu9G/3H61jtwVLuGxWUfH6+f8j+NjIeY2BsPFGmCJRGMavI 37MpSDMeYcikHrxgcd49N/xYGNtJKuSQnaO2mQRM5KK7yfeZ8qKOprmC7nE5RKp7 zlIKxq3Py1S53zIzuXzyT5PnvM2nwI3EpBGrcQiiBLlRH7EBAW6eWUCcIQaZklW9 llkYRNyJ+qct5YItP7SjRMUyEJ6Zfn1fxNiJ3vGA4s1dsrBF097H+sqr/OuTEXM8 FTKK9cP2NpU= =9QSj -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|