What is the severity of RHSA-2020:1461?

The severity of RHSA-2020:1461 is classified as important.

How do I fix RHSA-2020:1461?

To fix RHSA-2020:1461, update the nss-softokn package to version 3.36.0-6.el7_6 or higher.

What vulnerabilities are addressed in RHSA-2020:1461?

RHSA-2020:1461 addresses an out-of-bounds write vulnerability (CVE-2019-11745) and a key extraction side channel vulnerability.

Which packages are affected by RHSA-2020:1461?

The packages affected by RHSA-2020:1461 include nss-softokn, nss-softokn-debuginfo, nss-softokn-devel, and nss-softokn-freebl.

Is it necessary to restart my system after applying the fix for RHSA-2020:1461?

Yes, a system restart may be necessary to fully apply the updates related to RHSA-2020:1461.

Vulnerability/
RHSA-2020:1461

14/4/2020

RHSA-2020:1461: Important: nss-softokn security update

First published: Tue Apr 14 2020(Updated: )

The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.<br>Security Fix(es):<br><li> nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)</li> <li> ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/nss-softokn	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-debuginfo	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-debuginfo	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-devel	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-devel	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-freebl	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-freebl	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-freebl-devel	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-freebl-devel	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-debuginfo	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-devel	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-freebl	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn-freebl-devel	<3.36.0-6.el7_6	3.36.0-6.el7_6
redhat/nss-softokn	<3.36.0-6.el7_6.aa	3.36.0-6.el7_6.aa
redhat/nss-softokn-debuginfo	<3.36.0-6.el7_6.aa	3.36.0-6.el7_6.aa
redhat/nss-softokn-devel	<3.36.0-6.el7_6.aa	3.36.0-6.el7_6.aa
redhat/nss-softokn-freebl	<3.36.0-6.el7_6.aa	3.36.0-6.el7_6.aa
redhat/nss-softokn-freebl-devel	<3.36.0-6.el7_6.aa	3.36.0-6.el7_6.aa

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2020:1461?
The severity of RHSA-2020:1461 is classified as important.
How do I fix RHSA-2020:1461?
To fix RHSA-2020:1461, update the nss-softokn package to version 3.36.0-6.el7_6 or higher.
What vulnerabilities are addressed in RHSA-2020:1461?
RHSA-2020:1461 addresses an out-of-bounds write vulnerability (CVE-2019-11745) and a key extraction side channel vulnerability.
Which packages are affected by RHSA-2020:1461?
The packages affected by RHSA-2020:1461 include nss-softokn, nss-softokn-debuginfo, nss-softokn-devel, and nss-softokn-freebl.
Is it necessary to restart my system after applying the fix for RHSA-2020:1461?
Yes, a system restart may be necessary to fully apply the updates related to RHSA-2020:1461.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2020:1461
agent/software-canonical-lookup
package-manager/redhat

Frequently Asked Questions

What is the severity of RHSA-2020:1461?
The severity of RHSA-2020:1461 is classified as important.
How do I fix RHSA-2020:1461?
To fix RHSA-2020:1461, update the nss-softokn package to version 3.36.0-6.el7_6 or higher.
What vulnerabilities are addressed in RHSA-2020:1461?
RHSA-2020:1461 addresses an out-of-bounds write vulnerability (CVE-2019-11745) and a key extraction side channel vulnerability.
Which packages are affected by RHSA-2020:1461?
The packages affected by RHSA-2020:1461 include nss-softokn, nss-softokn-debuginfo, nss-softokn-devel, and nss-softokn-freebl.
Is it necessary to restart my system after applying the fix for RHSA-2020:1461?
Yes, a system restart may be necessary to fully apply the updates related to RHSA-2020:1461.

RHSA-2020:1461: Important: nss-softokn security update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2020:1461?

How do I fix RHSA-2020:1461?

What vulnerabilities are addressed in RHSA-2020:1461?

Which packages are affected by RHSA-2020:1461?

Is it necessary to restart my system after applying the fix for RHSA-2020:1461?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of RHSA-2020:1461?

How do I fix RHSA-2020:1461?

What vulnerabilities are addressed in RHSA-2020:1461?

Which packages are affected by RHSA-2020:1461?

Is it necessary to restart my system after applying the fix for RHSA-2020:1461?