OESA-2021-1059

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1059
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1059.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1059
Upstream
  • CVE-2019-11756
Published
2021-03-05T11:02:39Z
Modified
2025-08-12T05:04:07.727302Z
Summary
nss security update
Details

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

Security Fix(es):

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.(CVE-2019-17006)

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.(CVE-2019-17007)

A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS.(CVE-2019-11756)

A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality.(CVE-2020-12402)

Database specific 
{
    "severity": "Critical"
}
References

Affected packages

openEuler:20.03-LTS / nss

Package

Name
nss
Purl
pkg:rpm/openEuler/nss&distro=openEuler-20.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.54.0-2.oe1

Ecosystem specific 

{
    "x86_64": [
        "nss-devel-3.54.0-2.oe1.x86_64.rpm",
        "nss-3.54.0-2.oe1.x86_64.rpm",
        "nss-debugsource-3.54.0-2.oe1.x86_64.rpm",
        "nss-debuginfo-3.54.0-2.oe1.x86_64.rpm",
        "nss-softokn-3.54.0-2.oe1.x86_64.rpm",
        "nss-softokn-devel-3.54.0-2.oe1.x86_64.rpm",
        "nss-util-3.54.0-2.oe1.x86_64.rpm",
        "nss-util-devel-3.54.0-2.oe1.x86_64.rpm"
    ],
    "src": [
        "nss-3.54.0-2.oe1.src.rpm"
    ],
    "aarch64": [
        "nss-3.54.0-2.oe1.aarch64.rpm",
        "nss-devel-3.54.0-2.oe1.aarch64.rpm",
        "nss-debuginfo-3.54.0-2.oe1.aarch64.rpm",
        "nss-debugsource-3.54.0-2.oe1.aarch64.rpm",
        "nss-softokn-3.54.0-2.oe1.aarch64.rpm",
        "nss-softokn-devel-3.54.0-2.oe1.aarch64.rpm",
        "nss-util-3.54.0-2.oe1.aarch64.rpm",
        "nss-util-devel-3.54.0-2.oe1.aarch64.rpm"
    ]
}