[GLSA-202008-08] Mozilla Network Security Service (NSS): Multiple vulnerabilities
Severity
Normal
Affected Packages
1
Unaffected Packages
1
CVEs
3
NSS has multiple information disclosure vulnerabilities when handling secret key material.
Background
The Mozilla Network Security Service (NSS) is a library implementing
security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
#12, S/MIME and X.509 certificates.
Description
Multiple vulnerabilities have been discovered in NSS. Please review the
CVE identifiers referenced below for details.
Impact
An attacker may be able to obtain information about secret key material.
Workaround
There is no known workaround at this time.
Resolution
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.55"
Package | Affected Version |
---|---|
pkg:ebuild/dev-libs/nss?distro=gentoo | < 3.55 |
Package | Unaffected Version |
---|---|
pkg:ebuild/dev-libs/nss?distro=gentoo | >= 3.55 |
- ID
- GLSA-202008-08
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/202008-08
- Published
-
2020-08-19T00:00:00
(4 years ago) - Modified
-
2020-08-19T00:00:00
(4 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2020-12400 | CVE-2020-12400 | https://nvd.nist.gov/vuln/detail/CVE-2020-12400 |
CVE | CVE-2020-12401 | CVE-2020-12401 | https://nvd.nist.gov/vuln/detail/CVE-2020-12401 |
CVE | CVE-2020-12403 | CVE-2020-12403 | https://nvd.nist.gov/vuln/detail/CVE-2020-12403 |
Bugzilla | 734986 | Bugzilla #734986 | https://bugs.gentoo.org/show_bug.cgi?id=734986 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |