[RHSA-2019:1951] nss and nspr security, bug fix, and enhancement update
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
The following packages have been upgraded to a later upstream version: nss (3.44.0), nspr (4.21.0). (BZ#1713187, BZ#1713188)
Security Fix(es):
nss: NULL pointer dereference in several CMS functions resulting in a denial of service (CVE-2018-18508)
nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)
nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)
nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
PQG verify fails when creating DSA PQG parameters because the counts aren't returned correctly. (BZ#1685325)
zeroization of AES context missing (BZ#1719629)
RSA Pairwise consistency test (BZ#1719630)
FIPS updated for nss-softoken POST (BZ#1722373)
DH/ECDH key tests missing for the PG parameters (BZ#1722374)
NSS should implement continuous random test on its seed data or use the kernel AF_ALG interface for random (BZ#1725059)
support setting supported signature algorithms in strsclnt utility (BZ#1725110)
certutil -F with no parameters is killed with segmentation fault message (BZ#1725115)
NSS: Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU (BZ#1725116)
NSS should use getentropy() for seeding its RNG, not /dev/urandom. Needs update to NSS 3.37 (BZ#1725117)
Disable TLS 1.3 in FIPS mode (BZ#1725773)
Wrong alert sent when client uses PKCS#1 signatures in TLS 1.3 (BZ#1728259)
x25519 allowed in FIPS mode (BZ#1728260)
post handshake authentication with selfserv does not work if SSL_ENABLE_SESSION_TICKETS is set (BZ#1728261)
Enhancement(s):
- Move IKEv1 and IKEv2 KDFs from libreswan to nss-softkn (BZ#1719628)
- ID: RHSA-2019:1951
- Severity: moderate
- URL: https://access.redhat.com/errata/RHSA-2019:1951
- Published: 2019-07-30T00:00:00
- Modified: 2019-07-30T00:00:00
- Rights: Copyright 2019 Red Hat, Inc.
- Other Advisories:
- ALAS-2020-1355
- ALAS-2021-1522
- ALAS2-2020-1379
- ALAS2-2020-1384
- ALAS2-2020-1559
- ALAS2-2024-2470
- ALPINE:CVE-2019-11719
- ALPINE:CVE-2019-11729
- ASA-201907-4
- DSA-4579-1
- ELSA-2019-1951
- ELSA-2019-4190
- ELSA-2020-4076
- FEDORA-2019-68b9bec5ca
- FEDORA-2019-c602845b91
- FREEBSD:0592F49F-B3B8-4260-B648-D1718762656C
- GLSA-201908-12
- GLSA-201908-20
- GLSA-202003-37
- MFSA-2019-21
- MFSA-2019-22
- MFSA-2019-23
- MFSA-2019-28
- openSUSE-SU-2019:1782-1
- openSUSE-SU-2019:1811-1
- openSUSE-SU-2019:1813-1
- openSUSE-SU-2019:1990-1
- openSUSE-SU-2019:2248-1
- openSUSE-SU-2019:2249-1
- openSUSE-SU-2019:2251-1
- openSUSE-SU-2019:2260-1
- openSUSE-SU-2020:0008-1
- RHEA-2019:3280
- RHSA-2019:2237
- RHSA-2019:4190
- RHSA-2020:4076
- SSA:2019-191-01
- SUSE-SU-2019:1861-1
- SUSE-SU-2019:1861-2
- SUSE-SU-2019:1861-3
- SUSE-SU-2019:1869-1
- SUSE-SU-2019:1960-1
- SUSE-SU-2019:2515-1
- SUSE-SU-2019:2545-1
- SUSE-SU-2019:2620-1
- SUSE-SU-2019:3395-1
- USN-3898-1
- USN-3898-2
- USN-4054-1
- USN-4060-1
- USN-4060-2
- USN-4064-1
- USN-4215-1
Source | ID | URL |
---|---|---|
Bugzilla | 1671310 | https://bugzilla.redhat.com/1671310 |
Bugzilla | 1703979 | https://bugzilla.redhat.com/1703979 |
Bugzilla | 1728436 | https://bugzilla.redhat.com/1728436 |
Bugzilla | 1728437 | https://bugzilla.redhat.com/1728437 |
Bugzilla | 1730988 | https://bugzilla.redhat.com/1730988 |
RHSA | RHSA-2019:1951 | https://access.redhat.com/errata/RHSA-2019:1951 |
CVE | CVE-2018-18508 | https://access.redhat.com/security/cve/CVE-2018-18508 |
CVE | CVE-2019-11719 | https://access.redhat.com/security/cve/CVE-2019-11719 |
CVE | CVE-2019-11727 | https://access.redhat.com/security/cve/CVE-2019-11727 |
CVE | CVE-2019-11729 | https://access.redhat.com/security/cve/CVE-2019-11729 |
CVE | CVE-2019-17007 | https://access.redhat.com/security/cve/CVE-2019-17007 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/nss?arch=x86_64&distro=redhat-8.0 | redhat | nss | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss?arch=s390x&distro=redhat-8.0 | redhat | nss | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss?arch=ppc64le&distro=redhat-8.0 | redhat | nss | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss?arch=i686&distro=redhat-8.0 | redhat | nss | < 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nss?arch=aarch64&distro=redhat-8.0 | redhat | nss | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-util?arch=x86_64&distro=redhat-8.0 | redhat | nss-util | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-util?arch=s390x&distro=redhat-8.0 | redhat | nss-util | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-util?arch=ppc64le&distro=redhat-8.0 | redhat | nss-util | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-util?arch=i686&distro=redhat-8.0 | redhat | nss-util | < 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nss-util?arch=aarch64&distro=redhat-8.0 | redhat | nss-util | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-util-devel?arch=x86_64&distro=redhat-8.0 | redhat | nss-util-devel | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-util-devel?arch=s390x&distro=redhat-8.0 | redhat | nss-util-devel | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-util-devel?arch=ppc64le&distro=redhat-8.0 | redhat | nss-util-devel | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-util-devel?arch=i686&distro=redhat-8.0 | redhat | nss-util-devel | < 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nss-util-devel?arch=aarch64&distro=redhat-8.0 | redhat | nss-util-devel | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-tools?arch=x86_64&distro=redhat-8.0 | redhat | nss-tools | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-tools?arch=s390x&distro=redhat-8.0 | redhat | nss-tools | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-tools?arch=ppc64le&distro=redhat-8.0 | redhat | nss-tools | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-tools?arch=aarch64&distro=redhat-8.0 | redhat | nss-tools | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-sysinit?arch=x86_64&distro=redhat-8.0 | redhat | nss-sysinit | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-sysinit?arch=s390x&distro=redhat-8.0 | redhat | nss-sysinit | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-sysinit?arch=ppc64le&distro=redhat-8.0 | redhat | nss-sysinit | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-sysinit?arch=aarch64&distro=redhat-8.0 | redhat | nss-sysinit | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-softokn?arch=x86_64&distro=redhat-8.0 | redhat | nss-softokn | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-softokn?arch=s390x&distro=redhat-8.0 | redhat | nss-softokn | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-softokn?arch=ppc64le&distro=redhat-8.0 | redhat | nss-softokn | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-softokn?arch=i686&distro=redhat-8.0 | redhat | nss-softokn | < 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nss-softokn?arch=aarch64&distro=redhat-8.0 | redhat | nss-softokn | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=x86_64&distro=redhat-8.0 | redhat | nss-softokn-freebl | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=s390x&distro=redhat-8.0 | redhat | nss-softokn-freebl | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=ppc64le&distro=redhat-8.0 | redhat | nss-softokn-freebl | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=i686&distro=redhat-8.0 | redhat | nss-softokn-freebl | < 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=aarch64&distro=redhat-8.0 | redhat | nss-softokn-freebl | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=x86_64&distro=redhat-8.0 | redhat | nss-softokn-freebl-devel | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=s390x&distro=redhat-8.0 | redhat | nss-softokn-freebl-devel | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=ppc64le&distro=redhat-8.0 | redhat | nss-softokn-freebl-devel | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=i686&distro=redhat-8.0 | redhat | nss-softokn-freebl-devel | < 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=aarch64&distro=redhat-8.0 | redhat | nss-softokn-freebl-devel | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-softokn-devel?arch=x86_64&distro=redhat-8.0 | redhat | nss-softokn-devel | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-softokn-devel?arch=s390x&distro=redhat-8.0 | redhat | nss-softokn-devel | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-softokn-devel?arch=ppc64le&distro=redhat-8.0 | redhat | nss-softokn-devel | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-softokn-devel?arch=i686&distro=redhat-8.0 | redhat | nss-softokn-devel | < 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nss-softokn-devel?arch=aarch64&distro=redhat-8.0 | redhat | nss-softokn-devel | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nss-devel?arch=x86_64&distro=redhat-8.0 | redhat | nss-devel | < 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nss-devel?arch=s390x&distro=redhat-8.0 | redhat | nss-devel | < 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nss-devel?arch=ppc64le&distro=redhat-8.0 | redhat | nss-devel | < 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nss-devel?arch=i686&distro=redhat-8.0 | redhat | nss-devel | < 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nss-devel?arch=aarch64&distro=redhat-8.0 | redhat | nss-devel | < 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nspr?arch=x86_64&distro=redhat-8.0 | redhat | nspr | < 4.21.0-2.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nspr?arch=s390x&distro=redhat-8.0 | redhat | nspr | < 4.21.0-2.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nspr?arch=ppc64le&distro=redhat-8.0 | redhat | nspr | < 4.21.0-2.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nspr?arch=i686&distro=redhat-8.0 | redhat | nspr | < 4.21.0-2.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nspr?arch=aarch64&distro=redhat-8.0 | redhat | nspr | < 4.21.0-2.el8_0 | redhat-8.0 | aarch64 | |
Affected | pkg:rpm/redhat/nspr-devel?arch=x86_64&distro=redhat-8.0 | redhat | nspr-devel | < 4.21.0-2.el8_0 | redhat-8.0 | x86_64 | |
Affected | pkg:rpm/redhat/nspr-devel?arch=s390x&distro=redhat-8.0 | redhat | nspr-devel | < 4.21.0-2.el8_0 | redhat-8.0 | s390x | |
Affected | pkg:rpm/redhat/nspr-devel?arch=ppc64le&distro=redhat-8.0 | redhat | nspr-devel | < 4.21.0-2.el8_0 | redhat-8.0 | ppc64le | |
Affected | pkg:rpm/redhat/nspr-devel?arch=i686&distro=redhat-8.0 | redhat | nspr-devel | < 4.21.0-2.el8_0 | redhat-8.0 | i686 | |
Affected | pkg:rpm/redhat/nspr-devel?arch=aarch64&distro=redhat-8.0 | redhat | nspr-devel | < 4.21.0-2.el8_0 | redhat-8.0 | aarch64 |