What is the severity of RHSA-2023:1436?

The severity of RHSA-2023:1436 is classified as important.

How do I fix RHSA-2023:1436?

To fix RHSA-2023:1436, update to the nss package version 3.44.0-11.el8_1 or later.

What vulnerability does RHSA-2023:1436 address?

RHSA-2023:1436 addresses an arbitrary memory write vulnerability via PKCS 12, identified as CVE-2023-0767.

Which versions of NSS are affected by RHSA-2023:1436?

Versions of the NSS package prior to 3.44.0-11.el8_1 are affected by RHSA-2023:1436.

Is there a known exploit for RHSA-2023:1436?

As of now, there are no publicly reported exploits specifically targeting the vulnerability outlined in RHSA-2023:1436.

Vulnerability/
RHSA-2023:1436

23/3/2023

RHSA-2023:1436: Important: nss security update

First published: Thu Mar 23 2023(Updated: )

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.<br>Security Fix(es):<br><li> nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
redhat/nss	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-debugsource	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-sysinit	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-sysinit-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-tools	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-tools-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-debugsource	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-debugsource	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-softokn-freebl-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-sysinit	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-sysinit-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-sysinit-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-tools	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-tools-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-tools-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util-debuginfo	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1
redhat/nss-util-devel	<3.44.0-11.el8_1	3.44.0-11.el8_1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2023:1436?
The severity of RHSA-2023:1436 is classified as important.
How do I fix RHSA-2023:1436?
To fix RHSA-2023:1436, update to the nss package version 3.44.0-11.el8_1 or later.
What vulnerability does RHSA-2023:1436 address?
RHSA-2023:1436 addresses an arbitrary memory write vulnerability via PKCS 12, identified as CVE-2023-0767.
Which versions of NSS are affected by RHSA-2023:1436?
Versions of the NSS package prior to 3.44.0-11.el8_1 are affected by RHSA-2023:1436.
Is there a known exploit for RHSA-2023:1436?
As of now, there are no publicly reported exploits specifically targeting the vulnerability outlined in RHSA-2023:1436.

agent/severity
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/title
agent/references
agent/description
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2023:1436
agent/software-canonical-lookup
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat