Lucene search

CloudLinuxCLSA-2021:1640002354

HistoryDec 20, 2021 - 12:12 p.m.

Fix of CVE: CVE-2021-43527

2021-12-2012:12:34

repo.cloudlinux.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.0%

JSON

CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA
signatures (and RSA-PSS)
Update to CKBI 2.50 from NSS 3.67
Removing:

# Certificate "Verisign Class 3 Public Primary Certification Authority - G3"

# Certificate "AddTrust Low-Value Services Root"

```
# Certificate "AddTrust External Root"
```
```
# Certificate "GeoTrust Global CA"
```
```
# Certificate "GeoTrust Universal CA"
```

# Certificate "GeoTrust Universal CA 2"

```
# Certificate "QuoVadis Root CA"
```
```
# Certificate "Sonera Class 2 Root CA"
```

# Certificate "UTN USERFirst Email Root CA"

```
# Certificate "Taiwan GRCA"
```

# Certificate "Certplus Class 2 Primary CA"

# Certificate "GeoTrust Primary Certification Authority"

```
# Certificate "thawte Primary Root CA"
```

# Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"

# Certificate "Deutsche Telekom Root CA 2"

# Certificate "GeoTrust Primary Certification Authority - G3"

# Certificate "thawte Primary Root CA - G2"

# Certificate "thawte Primary Root CA - G3"

# Certificate "GeoTrust Primary Certification Authority - G2"

# Certificate "VeriSign Universal Root Certification Authority"

# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"

# Certificate "Staat der Nederlanden Root CA - G2"

```
# Certificate "Trustis FPS Root CA"
```

# Certificate "EE Certification Centre Root CA"

```
# Certificate "Swisscom Root CA 2"
```
```
# Certificate "Certinomis - Root CA"
```
```
# Certificate "LuxTrust Global Root 2"
```

# Certificate "Symantec Class 1 Public Primary Certification Authority - G4"

# Certificate "Symantec Class 2 Public Primary Certification Authority - G4"

Adding:

# Certificate "Entrust Root Certification Authority - G4"

# Certificate "Microsoft ECC Root Certificate Authority 2017"

# Certificate "Microsoft RSA Root Certificate Authority 2017"

```
# Certificate "e-Szigno Root CA 2017"
```
```
# Certificate "certSIGN Root CA G2"
```

# Certificate "Trustwave Global Certification Authority"

# Certificate "Trustwave Global ECC P256 Certification Authority"

# Certificate "Trustwave Global ECC P384 Certification Authority"

# Certificate "NAVER Global Root Certification Authority"

# Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"

# Certificate "GlobalSign Secure Mail Root R45"

# Certificate "GlobalSign Secure Mail Root E45"

```
# Certificate "GlobalSign Root R46"
```
```
# Certificate "GlobalSign Root E46"
```
```
# Certificate "GLOBALTRUST 2020"
```

# Certificate "ANF Secure Server Root CA"

```
# Certificate "Certum EC-384 CA"
```
```
# Certificate "Certum Trusted Root CA"
```
revert last change. Patch was for nss-softokn
Fix out-of-bounds write in NSC_EncryptUpdate (#1775909)

OSVersionArchitecturePackageVersionFilename
Centos6x86_64nss-tools< 3.44.0nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos6i686nss-devel< 3.44.0nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos6x86_64nss-pkcs11-devel< 3.44.0nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos6x86_64nss-sysinit< 3.44.0nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos6i686nss-pkcs11-devel< 3.44.0nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos6x86_64nss-devel< 3.44.0nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos6i686nss< 3.44.0nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos6x86_64nss< 3.44.0nss-3.44.0-12.el6.tuxcare.els1.src.rpm

OS	Version	Architecture	Package	Version	Filename
Centos	6	x86_64	nss-tools	< 3.44.0	nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos	6	i686	nss-devel	< 3.44.0	nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos	6	x86_64	nss-pkcs11-devel	< 3.44.0	nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos	6	x86_64	nss-sysinit	< 3.44.0	nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos	6	i686	nss-pkcs11-devel	< 3.44.0	nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos	6	x86_64	nss-devel	< 3.44.0	nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos	6	i686	nss	< 3.44.0	nss-3.44.0-12.el6.tuxcare.els1.src.rpm
Centos	6	x86_64	nss	< 3.44.0	nss-3.44.0-12.el6.tuxcare.els1.src.rpm