[GLSA-202008-08] Mozilla Network Security Service (NSS): Multiple vulnerabilities
Severity
Normal
Affected Packages
1
Unaffected Packages
1
CVEs
3
NSS has multiple information disclosure vulnerabilities when handling secret key material.
Background
The Mozilla Network Security Service (NSS) is a library implementing
security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
#12, S/MIME and X.509 certificates.
Description
Multiple vulnerabilities have been discovered in NSS. Please review the
CVE identifiers referenced below for details.
Impact
An attacker may be able to obtain information about secret key material.
Workaround
There is no known workaround at this time.
Resolution
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.55"
| Package | Affected Version |
|---|---|
 pkg:ebuild/dev-libs/nss?distro=gentoo
|
< 3.55 |
| Package | Unaffected Version |
|---|---|
|
pkg:ebuild/dev-libs/nss?distro=gentoo
|
>= 3.55 |
- ID
- GLSA-202008-08
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/202008-08
- Published
-
2020-08-19T00:00:00
(4 years ago) - Modified
-
2020-08-19T00:00:00
(4 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
ALAS-2021-1522
ALPINE:CVE-2020-12400
ALSA-2021:0538
ELSA-2020-4076
FEDORA-2020-426fd04fd0
MFSA-2020-36
MS:CVE-2020-12403
RHSA-2020:4076
USN-4455-1| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2020-12400 | CVE-2020-12400 |
|
| CVE | CVE-2020-12401 | CVE-2020-12401 |
|
| CVE | CVE-2020-12403 | CVE-2020-12403 |
|
| Bugzilla | 734986 | Bugzilla #734986 |
|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |