[RHSA-2019:1951] nss and nspr security, bug fix, and enhancement update
Severity
Moderate
Affected Packages
58
CVEs
5
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
The following packages have been upgraded to a later upstream version: nss (3.44.0), nspr (4.21.0). (BZ#1713187, BZ#1713188)
Security Fix(es):
nss: NULL pointer dereference in several CMS functions resulting in a denial of service (CVE-2018-18508)
nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)
nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)
nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
PQG verify fails when create DSA PQG parameters because the counts aren't returned correctly. (BZ#1685325)
zeroization of AES context missing (BZ#1719629)
RSA Pairwise consistency test (BZ#1719630)
FIPS updated for nss-softoken POST (BZ#1722373)
DH/ECDH key tests missing for the PG parameters (BZ#1722374)
NSS should implement continuous random test on it's seed data or use the kernel AF_ALG interface for random (BZ#1725059)
support setting supported signature algorithms in strsclnt utility (BZ#1725110)
certutil -F with no parameters is killed with segmentation fault message (BZ#1725115)
NSS: Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU (BZ#1725116)
NSS should use getentropy() for seeding its RNG, not /dev/urandom. Needs update to NSS 3.37 (BZ#1725117)
Disable TLS 1.3 in FIPS mode (BZ#1725773)
Wrong alert sent when client uses PKCS#1 signatures in TLS 1.3 (BZ#1728259)
x25519 allowed in FIPS mode (BZ#1728260)
post handshake authentication with selfserv does not work if SSL_ENABLE_SESSION_TICKETS is set (BZ#1728261)
Enhancement(s):
- Move IKEv1 and IKEv2 KDF's from libreswan to nss-softkn (BZ#1719628)
- ID
- RHSA-2019:1951
- Severity
- moderate
- URL
- https://access.redhat.com/errata/RHSA-2019:1951
- Published
-
2019-07-30T00:00:00
(5 years ago) - Modified
-
2019-07-30T00:00:00
(5 years ago) - Rights
- Copyright 2019 Red Hat, Inc.
- Other Advisories
-
-
ALAS-2020-1355
-
ALAS-2021-1522
-
ALAS2-2020-1379
-
ALAS2-2020-1384
-
ALAS2-2020-1559
-
ALAS2-2024-2470
-
ALPINE:CVE-2019-11719
-
ALPINE:CVE-2019-11729
-
ASA-201907-4
-
DSA-4579-1
-
ELSA-2019-1951
-
ELSA-2019-4190
-
ELSA-2020-4076
-
FEDORA-2019-68b9bec5ca
-
FEDORA-2019-c602845b91
-
FREEBSD:0592F49F-B3B8-4260-B648-D1718762656C
-
GLSA-201908-12
-
GLSA-201908-20
-
GLSA-202003-37
-
MFSA-2019-21
-
MFSA-2019-22
-
MFSA-2019-23
-
MFSA-2019-28
-
openSUSE-SU-2019:1782-1
-
openSUSE-SU-2019:1811-1
-
openSUSE-SU-2019:1813-1
-
openSUSE-SU-2019:1990-1
-
openSUSE-SU-2019:2248-1
-
openSUSE-SU-2019:2249-1
-
openSUSE-SU-2019:2251-1
-
openSUSE-SU-2019:2260-1
-
openSUSE-SU-2020:0008-1
-
RHEA-2019:3280
-
RHSA-2019:2237
-
RHSA-2019:4190
-
RHSA-2020:4076
-
SSA:2019-191-01
-
SUSE-SU-2019:1861-1
-
SUSE-SU-2019:1861-2
-
SUSE-SU-2019:1861-3
-
SUSE-SU-2019:1869-1
-
SUSE-SU-2019:1960-1
-
SUSE-SU-2019:2515-1
-
SUSE-SU-2019:2545-1
-
SUSE-SU-2019:2620-1
-
SUSE-SU-2019:3395-1
-
USN-3898-1
-
USN-3898-2
-
USN-4054-1
-
USN-4060-1
-
USN-4060-2
-
USN-4064-1
-
USN-4215-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1671310 |
|
|
| Bugzilla | 1703979 |
|
|
| Bugzilla | 1728436 |
|
|
| Bugzilla | 1728437 |
|
|
| Bugzilla | 1730988 |
|
|
| RHSA | RHSA-2019:1951 |
|
|
| CVE | CVE-2018-18508 |
|
|
| CVE | CVE-2019-11719 |
|
|
| CVE | CVE-2019-11727 |
|
|
| CVE | CVE-2019-11729 |
|
|
| CVE | CVE-2019-17007 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/nss?arch=x86_64&distro=redhat-8.0 | redhat |
 nss
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss?arch=s390x&distro=redhat-8.0 | redhat |
nss
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss?arch=ppc64le&distro=redhat-8.0 | redhat |
nss
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss?arch=i686&distro=redhat-8.0 | redhat |
nss
|
< 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nss?arch=aarch64&distro=redhat-8.0 | redhat |
nss
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-util?arch=x86_64&distro=redhat-8.0 | redhat |
nss-util
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-util?arch=s390x&distro=redhat-8.0 | redhat |
nss-util
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-util?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-util
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-util?arch=i686&distro=redhat-8.0 | redhat |
nss-util
|
< 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nss-util?arch=aarch64&distro=redhat-8.0 | redhat |
nss-util
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-util-devel?arch=x86_64&distro=redhat-8.0 | redhat |
nss-util-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-util-devel?arch=s390x&distro=redhat-8.0 | redhat |
nss-util-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-util-devel?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-util-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-util-devel?arch=i686&distro=redhat-8.0 | redhat |
nss-util-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nss-util-devel?arch=aarch64&distro=redhat-8.0 | redhat |
nss-util-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-tools?arch=x86_64&distro=redhat-8.0 | redhat |
nss-tools
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-tools?arch=s390x&distro=redhat-8.0 | redhat |
nss-tools
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-tools?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-tools
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-tools?arch=aarch64&distro=redhat-8.0 | redhat |
nss-tools
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-sysinit?arch=x86_64&distro=redhat-8.0 | redhat |
nss-sysinit
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-sysinit?arch=s390x&distro=redhat-8.0 | redhat |
nss-sysinit
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-sysinit?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-sysinit
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-sysinit?arch=aarch64&distro=redhat-8.0 | redhat |
nss-sysinit
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-softokn?arch=x86_64&distro=redhat-8.0 | redhat |
nss-softokn
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-softokn?arch=s390x&distro=redhat-8.0 | redhat |
nss-softokn
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-softokn?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-softokn
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-softokn?arch=i686&distro=redhat-8.0 | redhat |
nss-softokn
|
< 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nss-softokn?arch=aarch64&distro=redhat-8.0 | redhat |
nss-softokn
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=x86_64&distro=redhat-8.0 | redhat |
nss-softokn-freebl
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=s390x&distro=redhat-8.0 | redhat |
nss-softokn-freebl
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-softokn-freebl
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=i686&distro=redhat-8.0 | redhat |
nss-softokn-freebl
|
< 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl?arch=aarch64&distro=redhat-8.0 | redhat |
nss-softokn-freebl
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=x86_64&distro=redhat-8.0 | redhat |
nss-softokn-freebl-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=s390x&distro=redhat-8.0 | redhat |
nss-softokn-freebl-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-softokn-freebl-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=i686&distro=redhat-8.0 | redhat |
nss-softokn-freebl-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nss-softokn-freebl-devel?arch=aarch64&distro=redhat-8.0 | redhat |
nss-softokn-freebl-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-softokn-devel?arch=x86_64&distro=redhat-8.0 | redhat |
nss-softokn-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-softokn-devel?arch=s390x&distro=redhat-8.0 | redhat |
nss-softokn-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-softokn-devel?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-softokn-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-softokn-devel?arch=i686&distro=redhat-8.0 | redhat |
nss-softokn-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nss-softokn-devel?arch=aarch64&distro=redhat-8.0 | redhat |
nss-softokn-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nss-devel?arch=x86_64&distro=redhat-8.0 | redhat |
nss-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nss-devel?arch=s390x&distro=redhat-8.0 | redhat |
nss-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nss-devel?arch=ppc64le&distro=redhat-8.0 | redhat |
nss-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nss-devel?arch=i686&distro=redhat-8.0 | redhat |
nss-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nss-devel?arch=aarch64&distro=redhat-8.0 | redhat |
nss-devel
|
< 3.44.0-7.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nspr?arch=x86_64&distro=redhat-8.0 | redhat |
nspr
|
< 4.21.0-2.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nspr?arch=s390x&distro=redhat-8.0 | redhat |
nspr
|
< 4.21.0-2.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nspr?arch=ppc64le&distro=redhat-8.0 | redhat |
nspr
|
< 4.21.0-2.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nspr?arch=i686&distro=redhat-8.0 | redhat |
nspr
|
< 4.21.0-2.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nspr?arch=aarch64&distro=redhat-8.0 | redhat |
nspr
|
< 4.21.0-2.el8_0 | redhat-8.0 | aarch64 | |
| Affected | pkg:rpm/redhat/nspr-devel?arch=x86_64&distro=redhat-8.0 | redhat |
nspr-devel
|
< 4.21.0-2.el8_0 | redhat-8.0 | x86_64 | |
| Affected | pkg:rpm/redhat/nspr-devel?arch=s390x&distro=redhat-8.0 | redhat |
nspr-devel
|
< 4.21.0-2.el8_0 | redhat-8.0 | s390x | |
| Affected | pkg:rpm/redhat/nspr-devel?arch=ppc64le&distro=redhat-8.0 | redhat |
nspr-devel
|
< 4.21.0-2.el8_0 | redhat-8.0 | ppc64le | |
| Affected | pkg:rpm/redhat/nspr-devel?arch=i686&distro=redhat-8.0 | redhat |
nspr-devel
|
< 4.21.0-2.el8_0 | redhat-8.0 | i686 | |
| Affected | pkg:rpm/redhat/nspr-devel?arch=aarch64&distro=redhat-8.0 | redhat |
nspr-devel
|
< 4.21.0-2.el8_0 | redhat-8.0 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |