RHSA-2020:3280MediumCVSS 8.1
Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
🔗 CVE IDs covered (5)
📋 Description
CVE-2019-11756 — nss: Use-after-free in sftk_FreeSession due to improper refcounting CVE-2019-17006 — nss: Check length of inputs for cryptographic primitives CVE-2019-17023 — nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state CVE-2020-12399 — nss: Timing attack on DSA signature generation CVE-2020-12402 — nss: Side channel vulnerabilities during RSA key generation
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2020:3280
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1663187
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1691454
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1711375
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1724250
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1750921
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1774835
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1775916
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1791225
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1809637
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1825270
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826231
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1854564
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3280.json