Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
🔗 CVE IDs covered (10)
📋 Description
CVE-2019-11719 — nss: Out-of-bounds read when importing curve25519 private key CVE-2019-11727 — nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 CVE-2019-11756 — nss: Use-after-free in sftk_FreeSession due to improper refcounting CVE-2019-17006 — nss: Check length of inputs for cryptographic primitives CVE-2019-17023 — nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state CVE-2020-6829 — nss: Side channel attack on ECDSA signature generation CVE-2020-12400 — nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function CVE-2020-12401 — nss: ECDSA timing attack mitigation bypass CVE-2020-12402 — nss: Side channel vulnerabilities during RSA key generation CVE-2020-12403 — nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
🔗 References (19)
- selfhttps://access.redhat.com/errata/RHSA-2020:4076
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1688958
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1724251
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1728436
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1730988
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1737910
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1774835
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1775916
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1779325
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1791225
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1804015
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826187
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1826231
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1851294
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1853983
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1868931
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1870885
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4076.json