RHSA-2019:4190

Affecting nss-softokn package, versions <0:3.44.0-8.el7_7

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

CVE
RHSA-2019:4190
Snyk ID
SNYK-CENTOS7-NSSSOFTOKN-537108
Published
10 Dec, 2019