4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.043 Low
EPSS
Percentile
92.3%
CentOS Errata and Security Advisory CESA-2018:2898
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Mozilla project for reporting this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2018-October/085223.html
Affected packages:
nss
nss-devel
nss-pkcs11-devel
nss-sysinit
nss-tools
Upstream details at:
https://access.redhat.com/errata/RHSA-2018:2898
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | nss | < 3.36.0-9.el6_10 | nss-3.36.0-9.el6_10.i686.rpm |
CentOS | 6 | i686 | nss-devel | < 3.36.0-9.el6_10 | nss-devel-3.36.0-9.el6_10.i686.rpm |
CentOS | 6 | i686 | nss-pkcs11-devel | < 3.36.0-9.el6_10 | nss-pkcs11-devel-3.36.0-9.el6_10.i686.rpm |
CentOS | 6 | i686 | nss-sysinit | < 3.36.0-9.el6_10 | nss-sysinit-3.36.0-9.el6_10.i686.rpm |
CentOS | 6 | i686 | nss-tools | < 3.36.0-9.el6_10 | nss-tools-3.36.0-9.el6_10.i686.rpm |
CentOS | 6 | i686 | nss | < 3.36.0-9.el6_10 | nss-3.36.0-9.el6_10.i686.rpm |
CentOS | 6 | x86_64 | nss | < 3.36.0-9.el6_10 | nss-3.36.0-9.el6_10.x86_64.rpm |
CentOS | 6 | i686 | nss-devel | < 3.36.0-9.el6_10 | nss-devel-3.36.0-9.el6_10.i686.rpm |
CentOS | 6 | x86_64 | nss-devel | < 3.36.0-9.el6_10 | nss-devel-3.36.0-9.el6_10.x86_64.rpm |
CentOS | 6 | i686 | nss-pkcs11-devel | < 3.36.0-9.el6_10 | nss-pkcs11-devel-3.36.0-9.el6_10.i686.rpm |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.043 Low
EPSS
Percentile
92.3%