What is the severity of RHSA-2020:0243?

The severity of RHSA-2020:0243 is classified as moderate.

How do I fix RHSA-2020:0243?

To fix RHSA-2020:0243, update the affected nss package to version 3.44.0-8.el8_0 or later.

Which systems are affected by RHSA-2020:0243?

RHSA-2020:0243 affects systems using the nss library, including various architectures such as x86_64 and ppc64le.

What kind of vulnerability is addressed in RHSA-2020:0243?

RHSA-2020:0243 addresses an out-of-bounds write vulnerability when passing an output buffer smaller than the block size to NSC_Encrypt.

Is RHSA-2020:0243 applicable to production environments?

Yes, RHSA-2020:0243 should be addressed in production environments to mitigate potential security risks.

Vulnerability/
RHSA-2020:0243

27/1/2020

20/6/2024

RHSA-2020:0243: Important: nss security update

First published: Mon Jan 27 2020(Updated: )

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.<br>Security Fix(es):<br><li> nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/nss	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-debugsource	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-sysinit	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-sysinit-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-tools	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-tools-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-debugsource	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-debugsource	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-softokn-freebl-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-sysinit	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-sysinit-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-sysinit-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-tools	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-tools-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-tools-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util-debuginfo	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0
redhat/nss-util-devel	<3.44.0-8.el8_0	3.44.0-8.el8_0

Never miss a vulnerability like this again

Reference Links

https://access.redhat.com/errata/RHSA-2020:0243 (Advisory)

Frequently Asked Questions

What is the severity of RHSA-2020:0243?
The severity of RHSA-2020:0243 is classified as moderate.
How do I fix RHSA-2020:0243?
To fix RHSA-2020:0243, update the affected nss package to version 3.44.0-8.el8_0 or later.
Which systems are affected by RHSA-2020:0243?
RHSA-2020:0243 affects systems using the nss library, including various architectures such as x86_64 and ppc64le.
What kind of vulnerability is addressed in RHSA-2020:0243?
RHSA-2020:0243 addresses an out-of-bounds write vulnerability when passing an output buffer smaller than the block size to NSC_Encrypt.
Is RHSA-2020:0243 applicable to production environments?
Yes, RHSA-2020:0243 should be addressed in production environments to mitigate potential security risks.

agent/severity
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/title
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2020:0243
agent/software-canonical-lookup
agent/remedy
agent/references
agent/tags
agent/event
agent/source
package-manager/redhat

RHSA-2020:0243: Important: nss security update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2020:0243?

How do I fix RHSA-2020:0243?

Which systems are affected by RHSA-2020:0243?

What kind of vulnerability is addressed in RHSA-2020:0243?

Is RHSA-2020:0243 applicable to production environments?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of RHSA-2020:0243?

How do I fix RHSA-2020:0243?

Which systems are affected by RHSA-2020:0243?

What kind of vulnerability is addressed in RHSA-2020:0243?

Is RHSA-2020:0243 applicable to production environments?