exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2020-1345-01

Red Hat Security Advisory 2020-1345-01
Posted Apr 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1345-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include an out of bounds write vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2019-11745
SHA-256 | d852834b4835e74d1e0d4154ee53eff6902a40b19a727bd5211d084bed71c503

Red Hat Security Advisory 2020-1345-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: nss-softokn security update
Advisory ID: RHSA-2020:1345-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1345
Issue date: 2020-04-07
CVE Names: CVE-2018-0495 CVE-2019-11745
====================================================================
1. Summary:

An update for nss-softokn is now available for Red Hat Enterprise Linux 7.4
Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP
Solutions.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64
Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64

3. Description:

The nss-softokn package provides the Network Security Services Softoken
Cryptographic Module.

Security Fix(es):

* nss: Out-of-bounds write when passing an output buffer smaller than the
block size to NSC_EncryptUpdate (CVE-2019-11745)

* ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
(CVE-2018-0495)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1591163 - CVE-2018-0495 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:
nss-softokn-3.28.3-9.el7_4.src.rpm

x86_64:
nss-softokn-3.28.3-9.el7_4.i686.rpm
nss-softokn-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-debuginfo-3.28.3-9.el7_4.i686.rpm
nss-softokn-debuginfo-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-devel-3.28.3-9.el7_4.i686.rpm
nss-softokn-devel-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-freebl-3.28.3-9.el7_4.i686.rpm
nss-softokn-freebl-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-freebl-devel-3.28.3-9.el7_4.i686.rpm
nss-softokn-freebl-devel-3.28.3-9.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.4):

Source:
nss-softokn-3.28.3-9.el7_4.src.rpm

ppc64le:
nss-softokn-3.28.3-9.el7_4.ppc64le.rpm
nss-softokn-debuginfo-3.28.3-9.el7_4.ppc64le.rpm
nss-softokn-devel-3.28.3-9.el7_4.ppc64le.rpm
nss-softokn-freebl-3.28.3-9.el7_4.ppc64le.rpm
nss-softokn-freebl-devel-3.28.3-9.el7_4.ppc64le.rpm

x86_64:
nss-softokn-3.28.3-9.el7_4.i686.rpm
nss-softokn-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-debuginfo-3.28.3-9.el7_4.i686.rpm
nss-softokn-debuginfo-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-devel-3.28.3-9.el7_4.i686.rpm
nss-softokn-devel-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-freebl-3.28.3-9.el7_4.i686.rpm
nss-softokn-freebl-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-freebl-devel-3.28.3-9.el7_4.i686.rpm
nss-softokn-freebl-devel-3.28.3-9.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.4):

Source:
nss-softokn-3.28.3-9.el7_4.src.rpm

x86_64:
nss-softokn-3.28.3-9.el7_4.i686.rpm
nss-softokn-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-debuginfo-3.28.3-9.el7_4.i686.rpm
nss-softokn-debuginfo-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-devel-3.28.3-9.el7_4.i686.rpm
nss-softokn-devel-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-freebl-3.28.3-9.el7_4.i686.rpm
nss-softokn-freebl-3.28.3-9.el7_4.x86_64.rpm
nss-softokn-freebl-devel-3.28.3-9.el7_4.i686.rpm
nss-softokn-freebl-devel-3.28.3-9.el7_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-0495
https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXoxI5dzjgjWX9erEAQiD+hAAkAnoav5FMltQo/IdtfRZMwhxS9N0Y6W4
H/xwgg/jipCZ61vE/STaMM44zJWSzTayme8nslELtqRsijY9GdhZwH0lLrtYbVEJ
sdWliYxfPwzlqokaIi9HcnbDok2xYrhbM5wfzSMcvE2Coq8yoo4++Nrlv0m7cxNE
dAVJZNi594WBeiNdffFfoGBLFewr+qcfLwd20hQpjji74V/r+Q6fj4BHp7ilU5qU
0s/0lEFzCr4vOXYrIe58P4DRhcO4C8W5qAVDAtjx4cXGkUPIjbcO2JJE7ywlFajp
5EBgZeJK9f7MbWGXMjEOGJhPDt0uykj2f8AGZKZxh4Az4GyijMQMYKRkiwBy4HRd
BBb0hCti/phfzx2enk5Z39e1tAX91h3nlzAbWQbcEOmvrcudxjnxkM9DTh9h5nQZ
eHN9kE18KrYExvJXA5seWD/p/LBW5DXaaumKcHXiKoS6d+O+D43DwvUpzdl2JP+e
57xTskKOrZzk1h7O+1LoEstTI7bqTnYH7VCfIQEdgKBG3AQ2t5O8vfWFLKF7AjXX
CoYdmT0cMtu2r00Scr7JSs45hQ/Yy0bBiUSlvDKNnVhsr45EscG5pAVVzID5DlCh
cMol1vhCBoV53UfQ3wkZiqMcxsJxNC5ajN9Q7lZgejg2zA1bGySrXALlg13t3ZIH
olEFz/LzYms=XO4i
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close