Moderate: nss and nspr security, bug fix, and enhancement update

2021-09-2107:08:30

errata.almalinux.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.2%

JSON

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.67.0), nspr (4.32.0). (BZ#1967980)

Security Fix(es):

nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

8025 error code when creating subCAs (BZ#1977412)
NSS cannot use SQL databases created by specific versions of NSS (BZ#1978443)
Inconsistent handling of malformed CertificateRequest messages (BZ#1980050)

Enhancement(s):

[IBM 8.5 FEAT] [P10] POWER10 performance enhancements for cryptography: NSS FreeBL (BZ#1978257)

OSVersionArchitecturePackageVersionFilename
almalinux8x86_64nss-sysinit< 3.67.0-6.el8_4nss-sysinit-3.67.0-6.el8_4.x86_64.rpm
almalinux8i686nss-softokn-freebl< 3.67.0-6.el8_4nss-softokn-freebl-3.67.0-6.el8_4.i686.rpm
almalinux8i686nss< 3.67.0-6.el8_4nss-3.67.0-6.el8_4.i686.rpm
almalinux8i686nss-devel< 3.67.0-6.el8_4nss-devel-3.67.0-6.el8_4.i686.rpm
almalinux8i686nss-softokn-freebl-devel< 3.67.0-6.el8_4nss-softokn-freebl-devel-3.67.0-6.el8_4.i686.rpm
almalinux8i686nss-util-devel< 3.67.0-6.el8_4nss-util-devel-3.67.0-6.el8_4.i686.rpm
almalinux8i686nspr-devel< 4.32.0-1.el8_4nspr-devel-4.32.0-1.el8_4.i686.rpm
almalinux8i686nss-softokn< 3.67.0-6.el8_4nss-softokn-3.67.0-6.el8_4.i686.rpm
almalinux8x86_64nss-util< 3.67.0-6.el8_4nss-util-3.67.0-6.el8_4.x86_64.rpm
almalinux8x86_64nspr< 4.32.0-1.el8_4nspr-4.32.0-1.el8_4.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	x86_64	nss-sysinit	< 3.67.0-6.el8_4	nss-sysinit-3.67.0-6.el8_4.x86_64.rpm
almalinux	8	i686	nss-softokn-freebl	< 3.67.0-6.el8_4	nss-softokn-freebl-3.67.0-6.el8_4.i686.rpm
almalinux	8	i686	nss	< 3.67.0-6.el8_4	nss-3.67.0-6.el8_4.i686.rpm
almalinux	8	i686	nss-devel	< 3.67.0-6.el8_4	nss-devel-3.67.0-6.el8_4.i686.rpm
almalinux	8	i686	nss-softokn-freebl-devel	< 3.67.0-6.el8_4	nss-softokn-freebl-devel-3.67.0-6.el8_4.i686.rpm
almalinux	8	i686	nss-util-devel	< 3.67.0-6.el8_4	nss-util-devel-3.67.0-6.el8_4.i686.rpm
almalinux	8	i686	nspr-devel	< 4.32.0-1.el8_4	nspr-devel-4.32.0-1.el8_4.i686.rpm
almalinux	8	i686	nss-softokn	< 3.67.0-6.el8_4	nss-softokn-3.67.0-6.el8_4.i686.rpm
almalinux	8	x86_64	nss-util	< 3.67.0-6.el8_4	nss-util-3.67.0-6.el8_4.x86_64.rpm
almalinux	8	x86_64	nspr	< 4.32.0-1.el8_4	nspr-4.32.0-1.el8_4.x86_64.rpm