[ALAS-2021-1522] Amazon Linux AMI 2014.03 - ALAS-2021-1522: medium priority package update for nspr nss-softokn nss-util

Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2020-6829:
A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality.
1826187: CVE-2020-6829 nss: Side channel attack on ECDSA signature generation

CVE-2020-12403:
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.
1868931: CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

CVE-2020-12402:
A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality.
1826231: CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation

CVE-2020-12401:
A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality.
1851294: CVE-2020-12401 nss: ECDSA timing attack mitigation bypass

CVE-2020-12400:
A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of EDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality.
1853983: CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function

CVE-2019-17023:
A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.
1791225: CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state

CVE-2019-17006:
A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability.
1775916: CVE-2019-17006 nss: Check length of inputs for cryptographic primitives

CVE-2019-11756:
A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.
1774835: CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting

CVE-2019-11727:
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.
1730988: CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3

CVE-2019-11719:
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
1728436: CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key