VAR-202010-0251
Vulnerability from variot - Updated: 2025-12-22 23:18In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Network Security Services (NSS) Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Bugs fixed (https://bugzilla.redhat.com/):
1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values
- Description:
Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: nss and nspr security, bug fix, and enhancement update Advisory ID: RHSA-2020:4076-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4076 Issue date: 2020-09-29 CVE Names: CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-17006 CVE-2019-17023 CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 ==================================================================== 1. Summary:
An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273)
Security Fix(es):
-
nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)
-
nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
-
nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
-
nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)
-
nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400)
-
nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)
-
nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402)
-
nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
-
nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)
-
nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958)
-
NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924)
-
Make TLS 1.3 work in FIPS mode (BZ#1724251)
-
Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910)
-
x25519 allowed in FIPS mode (BZ#1754518)
-
When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325)
-
Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015)
-
nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308)
-
KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS or NSPR (for example, Firefox) must be restarted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1688958 - Memory leak: libcurl leaks 120 bytes on each connection [rhel-7.9.z] 1724251 - Make TLS 1.3 work in FIPS mode [rhel-7.9.z] 1728436 - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key 1730988 - CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 1737910 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name [rhel-7.9.z] 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1779325 - when NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess 1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state 1804015 - Running ipa-backup continuously causes httpd to crash and makes it irrecoverable 1826187 - CVE-2020-6829 nss: Side channel attack on ECDSA signature generation 1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation 1851294 - CVE-2020-12401 nss: ECDSA timing attack mitigation bypass 1853983 - CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read 1870885 - KDF-self-tests-induced changes for nss in RHEL 7.9
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm
x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm
x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm
ppc64: nspr-4.25.0-2.el7_9.ppc.rpm nspr-4.25.0-2.el7_9.ppc64.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc64.rpm nspr-devel-4.25.0-2.el7_9.ppc.rpm nspr-devel-4.25.0-2.el7_9.ppc64.rpm nss-3.53.1-3.el7_9.ppc.rpm nss-3.53.1-3.el7_9.ppc64.rpm nss-debuginfo-3.53.1-3.el7_9.ppc.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64.rpm nss-devel-3.53.1-3.el7_9.ppc.rpm nss-devel-3.53.1-3.el7_9.ppc64.rpm nss-softokn-3.53.1-6.el7_9.ppc.rpm nss-softokn-3.53.1-6.el7_9.ppc64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc64.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc64.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64.rpm nss-sysinit-3.53.1-3.el7_9.ppc64.rpm nss-tools-3.53.1-3.el7_9.ppc64.rpm nss-util-3.53.1-1.el7_9.ppc.rpm nss-util-3.53.1-1.el7_9.ppc64.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc64.rpm nss-util-devel-3.53.1-1.el7_9.ppc.rpm nss-util-devel-3.53.1-1.el7_9.ppc64.rpm
ppc64le: nspr-4.25.0-2.el7_9.ppc64le.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc64le.rpm nspr-devel-4.25.0-2.el7_9.ppc64le.rpm nss-3.53.1-3.el7_9.ppc64le.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm nss-devel-3.53.1-3.el7_9.ppc64le.rpm nss-softokn-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64le.rpm nss-sysinit-3.53.1-3.el7_9.ppc64le.rpm nss-tools-3.53.1-3.el7_9.ppc64le.rpm nss-util-3.53.1-1.el7_9.ppc64le.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc64le.rpm nss-util-devel-3.53.1-1.el7_9.ppc64le.rpm
s390x: nspr-4.25.0-2.el7_9.s390.rpm nspr-4.25.0-2.el7_9.s390x.rpm nspr-debuginfo-4.25.0-2.el7_9.s390.rpm nspr-debuginfo-4.25.0-2.el7_9.s390x.rpm nspr-devel-4.25.0-2.el7_9.s390.rpm nspr-devel-4.25.0-2.el7_9.s390x.rpm nss-3.53.1-3.el7_9.s390.rpm nss-3.53.1-3.el7_9.s390x.rpm nss-debuginfo-3.53.1-3.el7_9.s390.rpm nss-debuginfo-3.53.1-3.el7_9.s390x.rpm nss-devel-3.53.1-3.el7_9.s390.rpm nss-devel-3.53.1-3.el7_9.s390x.rpm nss-softokn-3.53.1-6.el7_9.s390.rpm nss-softokn-3.53.1-6.el7_9.s390x.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.s390.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.s390x.rpm nss-softokn-devel-3.53.1-6.el7_9.s390.rpm nss-softokn-devel-3.53.1-6.el7_9.s390x.rpm nss-softokn-freebl-3.53.1-6.el7_9.s390.rpm nss-softokn-freebl-3.53.1-6.el7_9.s390x.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.s390.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.s390x.rpm nss-sysinit-3.53.1-3.el7_9.s390x.rpm nss-tools-3.53.1-3.el7_9.s390x.rpm nss-util-3.53.1-1.el7_9.s390.rpm nss-util-3.53.1-1.el7_9.s390x.rpm nss-util-debuginfo-3.53.1-1.el7_9.s390.rpm nss-util-debuginfo-3.53.1-1.el7_9.s390x.rpm nss-util-devel-3.53.1-1.el7_9.s390.rpm nss-util-devel-3.53.1-1.el7_9.s390x.rpm
x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: nss-debuginfo-3.53.1-3.el7_9.ppc.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc64.rpm
ppc64le: nss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc64le.rpm
s390x: nss-debuginfo-3.53.1-3.el7_9.s390.rpm nss-debuginfo-3.53.1-3.el7_9.s390x.rpm nss-pkcs11-devel-3.53.1-3.el7_9.s390.rpm nss-pkcs11-devel-3.53.1-3.el7_9.s390x.rpm
x86_64: nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm
x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3Ok2NzjgjWX9erEAQidHRAAn/wr+iQpt5b54IqKwTLgtnBpRshAWWk1 9xIvejwv+oMhbvULKuTeiCKZetFXErAZcyPYwChDt2X5ZoGUxsIUAAx8pphKaScM 7dLXSGqgYNtduYmBAc2XlDIk244sYednkJ12uK6AjIgtY93wPcrk7wR9wbMF6xKL 9YjsfdKso7bN3vIx43idBVvgs2yArnFYhzCu7azIHxnuiDu9QC1KUomAhEjLlFFk vjsbxL32eb/XFQ6pizoO2Nn3ZREejnAOlTu9U0Hc/u4FxRTns+HcVx6GIA+yNNMO Hfbq1cKzshd7yowumhvatQNjtddmI8pHpW78KVJPma9t8IuoegXAwsXhti39dmtG mWcT0k+1ve+f9MIjY0FpZSFZycyUnmRf+bSstBwsoTL0hHe3RLOEYWulJMZGLyyg yCE36KONSTBo2SoNUMKVlWEIFVvEs9ixq0gzr9tGtGtYra5/GZ0MZntUM2zDwX6N Kd9i7BrjujmL+x0hdjHxGd8BbIf0DO7xOrKyB6IhRu+8MO2qoQayQ3dzyzJixH4z HMk5J5qMHcC2PVxLcKyIbKerm00ZY3ZNarxYdRHmJoX7xV2K69PiPv+2+82k8138 3OVEJSsjfckX2/tinighYNX8HsTtLG8+G1THzF5oRqCS9+T6lBsoorpL+X+YqJNQ eHKv0fAxZzA=Zbhx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, ppc64le, s390x
Bug Fix(es):
- Container-native Virtualization 2.4.2 Images (BZ#1877407)
This advisory contains the following OpenShift Virtualization 2.4.2 images:
RHEL-7-CNV-2.4 =============kubevirt-ssp-operator-container-v2.4.2-2
RHEL-8-CNV-2.4 =============virt-cdi-controller-container-v2.4.2-1 virt-cdi-apiserver-container-v2.4.2-1 hostpath-provisioner-operator-container-v2.4.2-1 virt-cdi-uploadproxy-container-v2.4.2-1 virt-cdi-cloner-container-v2.4.2-1 virt-cdi-importer-container-v2.4.2-1 kubevirt-template-validator-container-v2.4.2-1 hostpath-provisioner-container-v2.4.2-1 virt-cdi-uploadserver-container-v2.4.2-1 virt-cdi-operator-container-v2.4.2-1 virt-controller-container-v2.4.2-1 kubevirt-cpu-model-nfd-plugin-container-v2.4.2-1 virt-api-container-v2.4.2-1 ovs-cni-marker-container-v2.4.2-1 kubevirt-cpu-node-labeller-container-v2.4.2-1 bridge-marker-container-v2.4.2-1 kubevirt-metrics-collector-container-v2.4.2-1 kubemacpool-container-v2.4.2-1 cluster-network-addons-operator-container-v2.4.2-1 ovs-cni-plugin-container-v2.4.2-1 kubernetes-nmstate-handler-container-v2.4.2-1 cnv-containernetworking-plugins-container-v2.4.2-1 virtio-win-container-v2.4.2-1 virt-handler-container-v2.4.2-1 virt-launcher-container-v2.4.2-1 cnv-must-gather-container-v2.4.2-1 virt-operator-container-v2.4.2-1 vm-import-controller-container-v2.4.2-1 hyperconverged-cluster-operator-container-v2.4.2-1 vm-import-operator-container-v2.4.2-1 kubevirt-vmware-container-v2.4.2-1 kubevirt-v2v-conversion-container-v2.4.2-1 kubevirt-kvm-info-nfd-plugin-container-v2.4.2-1 node-maintenance-operator-container-v2.4.2-1 hco-bundle-registry-container-v2.4.2-15
- Bugs fixed (https://bugzilla.redhat.com/):
1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1869194 - HCO CR display name should contain "OpenShift Virtualization" instead of CNV 1869734 - OpenShift Virtualization does not appear in OperatorHub when filtering to "Disconnected" 1875383 - terminationGracePeriodSeconds should be updated in VMs created from common templates 1877407 - Container-native Virtualization 2.4.2 Images
-
8) - aarch64, ppc64le, s390x, x86_64
-
(BZ#1854564)
-
nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)
Enhancement(s):
-
[RFE] nss should use AES for storage of keys (BZ#1723819)
-
[rhel-8.2.0.z]
6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom rox mx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "ruggedcom rox rx5000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "ruggedcom rox rx1500",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "ruggedcom rox rx1501",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox rx1400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "ruggedcom rox rx1510",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "hci compute node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox rx1511",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "network security services",
"scope": "lt",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.46"
},
{
"model": "hci storage node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox rx1512",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.14.0"
},
{
"model": "network security services",
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": "hci management node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "solidfire",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci compute node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "hci storage node",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "ruggedcom rox mx5000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1400",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1500",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1501",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1510",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1511",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx1512",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "ruggedcom rox rx5000",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159396"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159497"
},
{
"db": "PACKETSTORM",
"id": "158724"
}
],
"trust": 0.7
},
"cve": "CVE-2019-17006",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-17006",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-17006",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-17006",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-17006",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-17006",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-1134",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-17006",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Network Security Services (NSS) Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. \n\nAnsible Automation Platform manages Ansible Platform jobs and workflows\nthat can interface with any infrastructure on a Red Hat OpenShift Container\nPlatform cluster, or on a traditional infrastructure that is running\noff-cluster. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. \n\nThis advisory is intended to use with container images for Red Hat 3scale\nAPI Management 2.10.0. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: nss and nspr security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:4076-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4076\nIssue date: 2020-09-29\nCVE Names: CVE-2019-11719 CVE-2019-11727 CVE-2019-11756\n CVE-2019-17006 CVE-2019-17023 CVE-2020-6829\n CVE-2020-12400 CVE-2020-12401 CVE-2020-12402\n CVE-2020-12403\n====================================================================\n1. Summary:\n\nAn update for nss, nss-softokn, nss-util, and nspr is now available for Red\nHat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. \n\nThe following packages have been upgraded to a later upstream version: nss\n(3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). \n(BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273)\n\nSecurity Fix(es):\n\n* nss: Out-of-bounds read when importing curve25519 private key\n(CVE-2019-11719)\n\n* nss: Use-after-free in sftk_FreeSession due to improper refcounting\n(CVE-2019-11756)\n\n* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)\n\n* nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)\n\n* nss: P-384 and P-521 implementation uses a side-channel vulnerable\nmodular inversion function (CVE-2020-12400)\n\n* nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)\n\n* nss: Side channel vulnerabilities during RSA key generation\n(CVE-2020-12402)\n\n* nss: CHACHA20-POLY1305 decryption with undersized tag leads to\nout-of-bounds read (CVE-2020-12403)\n\n* nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)\n\n* nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid\nstate (CVE-2019-17023)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958)\n\n* NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and\nTLS 1.1 (BZ#1712924)\n\n* Make TLS 1.3 work in FIPS mode (BZ#1724251)\n\n* Name Constraints validation: CN treated as DNS name even when\nsyntactically invalid as DNS name (BZ#1737910)\n\n* x25519 allowed in FIPS mode (BZ#1754518)\n\n* When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase\nbut never released - consider alternative algorithm for benchmarking ACCESS\ncall in sdb_measureAccess (BZ#1779325)\n\n* Running ipa-backup continuously causes httpd to crash and makes it\nirrecoverable (BZ#1804015)\n\n* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308)\n\n* KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS or NSPR (for example,\nFirefox) must be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1688958 - Memory leak: libcurl leaks 120 bytes on each connection [rhel-7.9.z]\n1724251 - Make TLS 1.3 work in FIPS mode [rhel-7.9.z]\n1728436 - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key\n1730988 - CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3\n1737910 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name [rhel-7.9.z]\n1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1779325 - when NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess\n1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state\n1804015 - Running ipa-backup continuously causes httpd to crash and makes it irrecoverable\n1826187 - CVE-2020-6829 nss: Side channel attack on ECDSA signature generation\n1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation\n1851294 - CVE-2020-12401 nss: ECDSA timing attack mitigation bypass\n1853983 - CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function\n1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read\n1870885 - KDF-self-tests-induced changes for nss in RHEL 7.9\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nnspr-4.25.0-2.el7_9.src.rpm\nnss-3.53.1-3.el7_9.src.rpm\nnss-softokn-3.53.1-6.el7_9.src.rpm\nnss-util-3.53.1-1.el7_9.src.rpm\n\nx86_64:\nnspr-4.25.0-2.el7_9.i686.rpm\nnspr-4.25.0-2.el7_9.x86_64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnss-3.53.1-3.el7_9.i686.rpm\nnss-3.53.1-3.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-3.53.1-6.el7_9.i686.rpm\nnss-softokn-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm\nnss-sysinit-3.53.1-3.el7_9.x86_64.rpm\nnss-tools-3.53.1-3.el7_9.x86_64.rpm\nnss-util-3.53.1-1.el7_9.i686.rpm\nnss-util-3.53.1-1.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnspr-devel-4.25.0-2.el7_9.i686.rpm\nnspr-devel-4.25.0-2.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-devel-3.53.1-3.el7_9.i686.rpm\nnss-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\nnss-util-devel-3.53.1-1.el7_9.i686.rpm\nnss-util-devel-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nnspr-4.25.0-2.el7_9.src.rpm\nnss-3.53.1-3.el7_9.src.rpm\nnss-softokn-3.53.1-6.el7_9.src.rpm\nnss-util-3.53.1-1.el7_9.src.rpm\n\nx86_64:\nnspr-4.25.0-2.el7_9.i686.rpm\nnspr-4.25.0-2.el7_9.x86_64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnss-3.53.1-3.el7_9.i686.rpm\nnss-3.53.1-3.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-3.53.1-6.el7_9.i686.rpm\nnss-softokn-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm\nnss-sysinit-3.53.1-3.el7_9.x86_64.rpm\nnss-tools-3.53.1-3.el7_9.x86_64.rpm\nnss-util-3.53.1-1.el7_9.i686.rpm\nnss-util-3.53.1-1.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnspr-devel-4.25.0-2.el7_9.i686.rpm\nnspr-devel-4.25.0-2.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-devel-3.53.1-3.el7_9.i686.rpm\nnss-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\nnss-util-devel-3.53.1-1.el7_9.i686.rpm\nnss-util-devel-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nnspr-4.25.0-2.el7_9.src.rpm\nnss-3.53.1-3.el7_9.src.rpm\nnss-softokn-3.53.1-6.el7_9.src.rpm\nnss-util-3.53.1-1.el7_9.src.rpm\n\nppc64:\nnspr-4.25.0-2.el7_9.ppc.rpm\nnspr-4.25.0-2.el7_9.ppc64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.ppc.rpm\nnspr-debuginfo-4.25.0-2.el7_9.ppc64.rpm\nnspr-devel-4.25.0-2.el7_9.ppc.rpm\nnspr-devel-4.25.0-2.el7_9.ppc64.rpm\nnss-3.53.1-3.el7_9.ppc.rpm\nnss-3.53.1-3.el7_9.ppc64.rpm\nnss-debuginfo-3.53.1-3.el7_9.ppc.rpm\nnss-debuginfo-3.53.1-3.el7_9.ppc64.rpm\nnss-devel-3.53.1-3.el7_9.ppc.rpm\nnss-devel-3.53.1-3.el7_9.ppc64.rpm\nnss-softokn-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-3.53.1-6.el7_9.ppc64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.ppc64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-devel-3.53.1-6.el7_9.ppc64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.ppc64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64.rpm\nnss-sysinit-3.53.1-3.el7_9.ppc64.rpm\nnss-tools-3.53.1-3.el7_9.ppc64.rpm\nnss-util-3.53.1-1.el7_9.ppc.rpm\nnss-util-3.53.1-1.el7_9.ppc64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.ppc.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.ppc64.rpm\nnss-util-devel-3.53.1-1.el7_9.ppc.rpm\nnss-util-devel-3.53.1-1.el7_9.ppc64.rpm\n\nppc64le:\nnspr-4.25.0-2.el7_9.ppc64le.rpm\nnspr-debuginfo-4.25.0-2.el7_9.ppc64le.rpm\nnspr-devel-4.25.0-2.el7_9.ppc64le.rpm\nnss-3.53.1-3.el7_9.ppc64le.rpm\nnss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm\nnss-devel-3.53.1-3.el7_9.ppc64le.rpm\nnss-softokn-3.53.1-6.el7_9.ppc64le.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.ppc64le.rpm\nnss-softokn-devel-3.53.1-6.el7_9.ppc64le.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.ppc64le.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64le.rpm\nnss-sysinit-3.53.1-3.el7_9.ppc64le.rpm\nnss-tools-3.53.1-3.el7_9.ppc64le.rpm\nnss-util-3.53.1-1.el7_9.ppc64le.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.ppc64le.rpm\nnss-util-devel-3.53.1-1.el7_9.ppc64le.rpm\n\ns390x:\nnspr-4.25.0-2.el7_9.s390.rpm\nnspr-4.25.0-2.el7_9.s390x.rpm\nnspr-debuginfo-4.25.0-2.el7_9.s390.rpm\nnspr-debuginfo-4.25.0-2.el7_9.s390x.rpm\nnspr-devel-4.25.0-2.el7_9.s390.rpm\nnspr-devel-4.25.0-2.el7_9.s390x.rpm\nnss-3.53.1-3.el7_9.s390.rpm\nnss-3.53.1-3.el7_9.s390x.rpm\nnss-debuginfo-3.53.1-3.el7_9.s390.rpm\nnss-debuginfo-3.53.1-3.el7_9.s390x.rpm\nnss-devel-3.53.1-3.el7_9.s390.rpm\nnss-devel-3.53.1-3.el7_9.s390x.rpm\nnss-softokn-3.53.1-6.el7_9.s390.rpm\nnss-softokn-3.53.1-6.el7_9.s390x.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.s390.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.s390x.rpm\nnss-softokn-devel-3.53.1-6.el7_9.s390.rpm\nnss-softokn-devel-3.53.1-6.el7_9.s390x.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.s390.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.s390x.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.s390.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.s390x.rpm\nnss-sysinit-3.53.1-3.el7_9.s390x.rpm\nnss-tools-3.53.1-3.el7_9.s390x.rpm\nnss-util-3.53.1-1.el7_9.s390.rpm\nnss-util-3.53.1-1.el7_9.s390x.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.s390.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.s390x.rpm\nnss-util-devel-3.53.1-1.el7_9.s390.rpm\nnss-util-devel-3.53.1-1.el7_9.s390x.rpm\n\nx86_64:\nnspr-4.25.0-2.el7_9.i686.rpm\nnspr-4.25.0-2.el7_9.x86_64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnspr-devel-4.25.0-2.el7_9.i686.rpm\nnspr-devel-4.25.0-2.el7_9.x86_64.rpm\nnss-3.53.1-3.el7_9.i686.rpm\nnss-3.53.1-3.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-devel-3.53.1-3.el7_9.i686.rpm\nnss-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-3.53.1-6.el7_9.i686.rpm\nnss-softokn-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-sysinit-3.53.1-3.el7_9.x86_64.rpm\nnss-tools-3.53.1-3.el7_9.x86_64.rpm\nnss-util-3.53.1-1.el7_9.i686.rpm\nnss-util-3.53.1-1.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\nnss-util-devel-3.53.1-1.el7_9.i686.rpm\nnss-util-devel-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nnss-debuginfo-3.53.1-3.el7_9.ppc.rpm\nnss-debuginfo-3.53.1-3.el7_9.ppc64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.ppc.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.53.1-3.el7_9.s390.rpm\nnss-debuginfo-3.53.1-3.el7_9.s390x.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.s390.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nnspr-4.25.0-2.el7_9.src.rpm\nnss-3.53.1-3.el7_9.src.rpm\nnss-softokn-3.53.1-6.el7_9.src.rpm\nnss-util-3.53.1-1.el7_9.src.rpm\n\nx86_64:\nnspr-4.25.0-2.el7_9.i686.rpm\nnspr-4.25.0-2.el7_9.x86_64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnspr-devel-4.25.0-2.el7_9.i686.rpm\nnspr-devel-4.25.0-2.el7_9.x86_64.rpm\nnss-3.53.1-3.el7_9.i686.rpm\nnss-3.53.1-3.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-devel-3.53.1-3.el7_9.i686.rpm\nnss-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-3.53.1-6.el7_9.i686.rpm\nnss-softokn-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-sysinit-3.53.1-3.el7_9.x86_64.rpm\nnss-tools-3.53.1-3.el7_9.x86_64.rpm\nnss-util-3.53.1-1.el7_9.i686.rpm\nnss-util-3.53.1-1.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\nnss-util-devel-3.53.1-1.el7_9.i686.rpm\nnss-util-devel-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11719\nhttps://access.redhat.com/security/cve/CVE-2019-11727\nhttps://access.redhat.com/security/cve/CVE-2019-11756\nhttps://access.redhat.com/security/cve/CVE-2019-17006\nhttps://access.redhat.com/security/cve/CVE-2019-17023\nhttps://access.redhat.com/security/cve/CVE-2020-6829\nhttps://access.redhat.com/security/cve/CVE-2020-12400\nhttps://access.redhat.com/security/cve/CVE-2020-12401\nhttps://access.redhat.com/security/cve/CVE-2020-12402\nhttps://access.redhat.com/security/cve/CVE-2020-12403\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3Ok2NzjgjWX9erEAQidHRAAn/wr+iQpt5b54IqKwTLgtnBpRshAWWk1\n9xIvejwv+oMhbvULKuTeiCKZetFXErAZcyPYwChDt2X5ZoGUxsIUAAx8pphKaScM\n7dLXSGqgYNtduYmBAc2XlDIk244sYednkJ12uK6AjIgtY93wPcrk7wR9wbMF6xKL\n9YjsfdKso7bN3vIx43idBVvgs2yArnFYhzCu7azIHxnuiDu9QC1KUomAhEjLlFFk\nvjsbxL32eb/XFQ6pizoO2Nn3ZREejnAOlTu9U0Hc/u4FxRTns+HcVx6GIA+yNNMO\nHfbq1cKzshd7yowumhvatQNjtddmI8pHpW78KVJPma9t8IuoegXAwsXhti39dmtG\nmWcT0k+1ve+f9MIjY0FpZSFZycyUnmRf+bSstBwsoTL0hHe3RLOEYWulJMZGLyyg\nyCE36KONSTBo2SoNUMKVlWEIFVvEs9ixq0gzr9tGtGtYra5/GZ0MZntUM2zDwX6N\nKd9i7BrjujmL+x0hdjHxGd8BbIf0DO7xOrKyB6IhRu+8MO2qoQayQ3dzyzJixH4z\nHMk5J5qMHcC2PVxLcKyIbKerm00ZY3ZNarxYdRHmJoX7xV2K69PiPv+2+82k8138\n3OVEJSsjfckX2/tinighYNX8HsTtLG8+G1THzF5oRqCS9+T6lBsoorpL+X+YqJNQ\neHKv0fAxZzA=Zbhx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - aarch64, ppc64le, s390x\n\n3. \n\nBug Fix(es):\n\n* Container-native Virtualization 2.4.2 Images (BZ#1877407)\n\nThis advisory contains the following OpenShift Virtualization 2.4.2 images:\n\nRHEL-7-CNV-2.4\n=============kubevirt-ssp-operator-container-v2.4.2-2\n\nRHEL-8-CNV-2.4\n=============virt-cdi-controller-container-v2.4.2-1\nvirt-cdi-apiserver-container-v2.4.2-1\nhostpath-provisioner-operator-container-v2.4.2-1\nvirt-cdi-uploadproxy-container-v2.4.2-1\nvirt-cdi-cloner-container-v2.4.2-1\nvirt-cdi-importer-container-v2.4.2-1\nkubevirt-template-validator-container-v2.4.2-1\nhostpath-provisioner-container-v2.4.2-1\nvirt-cdi-uploadserver-container-v2.4.2-1\nvirt-cdi-operator-container-v2.4.2-1\nvirt-controller-container-v2.4.2-1\nkubevirt-cpu-model-nfd-plugin-container-v2.4.2-1\nvirt-api-container-v2.4.2-1\novs-cni-marker-container-v2.4.2-1\nkubevirt-cpu-node-labeller-container-v2.4.2-1\nbridge-marker-container-v2.4.2-1\nkubevirt-metrics-collector-container-v2.4.2-1\nkubemacpool-container-v2.4.2-1\ncluster-network-addons-operator-container-v2.4.2-1\novs-cni-plugin-container-v2.4.2-1\nkubernetes-nmstate-handler-container-v2.4.2-1\ncnv-containernetworking-plugins-container-v2.4.2-1\nvirtio-win-container-v2.4.2-1\nvirt-handler-container-v2.4.2-1\nvirt-launcher-container-v2.4.2-1\ncnv-must-gather-container-v2.4.2-1\nvirt-operator-container-v2.4.2-1\nvm-import-controller-container-v2.4.2-1\nhyperconverged-cluster-operator-container-v2.4.2-1\nvm-import-operator-container-v2.4.2-1\nkubevirt-vmware-container-v2.4.2-1\nkubevirt-v2v-conversion-container-v2.4.2-1\nkubevirt-kvm-info-nfd-plugin-container-v2.4.2-1\nnode-maintenance-operator-container-v2.4.2-1\nhco-bundle-registry-container-v2.4.2-15\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1869194 - HCO CR display name should contain \"OpenShift Virtualization\" instead of CNV\n1869734 - OpenShift Virtualization does not appear in OperatorHub when filtering to \"Disconnected\"\n1875383 - terminationGracePeriodSeconds should be updated in VMs created from common templates\n1877407 - Container-native Virtualization 2.4.2 Images\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. (BZ#1854564)\n\n* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)\n\nEnhancement(s):\n\n* [RFE] nss should use AES for storage of keys (BZ#1723819)\n\n4. [rhel-8.2.0.z]\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17006"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159396"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159497"
},
{
"db": "PACKETSTORM",
"id": "158724"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17006",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-21-040-04",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-379803",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162142",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162130",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159396",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "161842",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159497",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158724",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0491",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3535",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2650",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0072",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0933",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3461",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1193",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0053",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0834",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2446",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0986",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0136",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0001",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3631",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1091",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1207",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161706",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161916",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159553",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159661",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155889",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162026",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021043017",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-17006",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159396"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159497"
},
{
"db": "PACKETSTORM",
"id": "158724"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"id": "VAR-202010-0251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.52540106
},
"last_update_date": "2025-12-22T23:18:05.511000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "NTAP-20210129-0001 Siemens Siemens\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
},
{
"title": "Mozilla Network Security Services Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105845"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4231-1"
},
{
"title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203280 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a91447c5697ecfb6bbab6f4cf67cb949"
},
{
"title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204076 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4726-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2610caa3eacc40f97585be7c579718bd"
},
{
"title": "Red Hat: Low: OpenShift Virtualization 2.4.2 Images",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204201 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=52844442ae85845bde006e7f0170408e"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204255 - Security Advisory"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204254 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
},
{
"title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204264 - Security Advisory"
},
{
"title": "zot",
"trust": 0.1,
"url": "https://github.com/anuvu/zot "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inadequate verification of data reliability (CWE-345) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
},
{
"trust": 1.7,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17006"
},
{
"trust": 0.7,
"url": "https://usn.ubuntu.com/4231-1/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-11756"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-17023"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-12402"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
},
{
"trust": 0.6,
"url": "https://www.debian.org/lts/security/2020/dla-2058"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155889/ubuntu-security-notice-usn-4231-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159396/red-hat-security-advisory-2020-4076-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0072/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0136/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0834"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0933"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1091"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159497/red-hat-security-advisory-2020-4201-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-cryptographic-primitives-31248"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0053/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071301"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158724/red-hat-security-advisory-2020-3280-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2650/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161706/red-hat-security-advisory-2021-0758-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2446/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021043017"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3461/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162026/red-hat-security-advisory-2021-1026-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-12403"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-12401"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-11719"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-6829"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-12400"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-11727"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12749"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-7595"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8177"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20388"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-12243"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1971"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-19956"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17498"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-12723"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20191"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20180"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20178"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5188"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/345.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111311"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20253"
},
{
"trust": 0.1,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20372"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35678"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1079"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3156"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3447"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25211"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29661"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20265"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7053"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6829"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:0876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17007"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3280"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159396"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159497"
},
{
"db": "PACKETSTORM",
"id": "158724"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"db": "PACKETSTORM",
"id": "161727"
},
{
"db": "PACKETSTORM",
"id": "162142"
},
{
"db": "PACKETSTORM",
"id": "162130"
},
{
"db": "PACKETSTORM",
"id": "159396"
},
{
"db": "PACKETSTORM",
"id": "161842"
},
{
"db": "PACKETSTORM",
"id": "159497"
},
{
"db": "PACKETSTORM",
"id": "158724"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-22T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"date": "2021-03-09T16:25:11",
"db": "PACKETSTORM",
"id": "161727"
},
{
"date": "2021-04-09T15:06:13",
"db": "PACKETSTORM",
"id": "162142"
},
{
"date": "2021-04-08T14:00:00",
"db": "PACKETSTORM",
"id": "162130"
},
{
"date": "2020-09-30T15:50:53",
"db": "PACKETSTORM",
"id": "159396"
},
{
"date": "2021-03-17T14:35:53",
"db": "PACKETSTORM",
"id": "161842"
},
{
"date": "2020-10-07T16:06:29",
"db": "PACKETSTORM",
"id": "159497"
},
{
"date": "2020-08-03T17:14:53",
"db": "PACKETSTORM",
"id": "158724"
},
{
"date": "2019-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"date": "2021-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"date": "2020-10-22T21:15:12.560000",
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17006"
},
{
"date": "2021-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-1134"
},
{
"date": "2021-05-12T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2019-016070"
},
{
"date": "2024-11-21T04:31:31.573000",
"db": "NVD",
"id": "CVE-2019-17006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Network\u00a0Security\u00a0Services\u00a0 Vulnerability for inadequate validation of data reliability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-016070"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-1134"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.