First published: Tue Mar 09 2021(Updated: )
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.<br>Security Fix(es):<br><li> nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)</li> <li> nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)</li> <li> nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nss-softokn | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-debuginfo | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-debuginfo | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-devel | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-devel | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-freebl | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-freebl | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-freebl-devel | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-freebl-devel | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-debuginfo | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-devel | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-freebl | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
redhat/nss-softokn-freebl-devel | <3.28.3-10.el7_4 | 3.28.3-10.el7_4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.