Lucene search

CentOS ProjectCESA-2019:2237

HistoryAug 30, 2019 - 3:43 a.m.

nspr, nss security update

2019-08-3003:43:23

CentOS Project

lists.centos.org

385

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.088

Percentile

94.7%

JSON

CentOS Errata and Security Advisory CESA-2019:2237

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). (BZ#1645231, BZ#1692269, BZ#1692271, BZ#1692274)

Security Fix(es):

ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)
nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032281.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032282.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032284.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032285.html

Affected packages:
nspr
nspr-devel
nss
nss-devel
nss-pkcs11-devel
nss-softokn
nss-softokn-devel
nss-softokn-freebl
nss-softokn-freebl-devel
nss-sysinit
nss-tools
nss-util
nss-util-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2019:2237

OSVersionArchitecturePackageVersionFilename
CentOS7i686nspr< 4.21.0-1.el7nspr-4.21.0-1.el7.i686.rpm
CentOS7x86_64nspr< 4.21.0-1.el7nspr-4.21.0-1.el7.x86_64.rpm
CentOS7i686nspr-devel< 4.21.0-1.el7nspr-devel-4.21.0-1.el7.i686.rpm
CentOS7x86_64nspr-devel< 4.21.0-1.el7nspr-devel-4.21.0-1.el7.x86_64.rpm
CentOS7i686nss< 3.44.0-4.el7nss-3.44.0-4.el7.i686.rpm
CentOS7x86_64nss< 3.44.0-4.el7nss-3.44.0-4.el7.x86_64.rpm
CentOS7i686nss-devel< 3.44.0-4.el7nss-devel-3.44.0-4.el7.i686.rpm
CentOS7x86_64nss-devel< 3.44.0-4.el7nss-devel-3.44.0-4.el7.x86_64.rpm
CentOS7i686nss-pkcs11-devel< 3.44.0-4.el7nss-pkcs11-devel-3.44.0-4.el7.i686.rpm
CentOS7x86_64nss-pkcs11-devel< 3.44.0-4.el7nss-pkcs11-devel-3.44.0-4.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	i686	nspr	< 4.21.0-1.el7	nspr-4.21.0-1.el7.i686.rpm
CentOS	7	x86_64	nspr	< 4.21.0-1.el7	nspr-4.21.0-1.el7.x86_64.rpm
CentOS	7	i686	nspr-devel	< 4.21.0-1.el7	nspr-devel-4.21.0-1.el7.i686.rpm
CentOS	7	x86_64	nspr-devel	< 4.21.0-1.el7	nspr-devel-4.21.0-1.el7.x86_64.rpm
CentOS	7	i686	nss	< 3.44.0-4.el7	nss-3.44.0-4.el7.i686.rpm
CentOS	7	x86_64	nss	< 3.44.0-4.el7	nss-3.44.0-4.el7.x86_64.rpm
CentOS	7	i686	nss-devel	< 3.44.0-4.el7	nss-devel-3.44.0-4.el7.i686.rpm
CentOS	7	x86_64	nss-devel	< 3.44.0-4.el7	nss-devel-3.44.0-4.el7.x86_64.rpm
CentOS	7	i686	nss-pkcs11-devel	< 3.44.0-4.el7	nss-pkcs11-devel-3.44.0-4.el7.i686.rpm
CentOS	7	x86_64	nss-pkcs11-devel	< 3.44.0-4.el7	nss-pkcs11-devel-3.44.0-4.el7.x86_64.rpm