MiracleLinux 8 : nss-3.53.1-17.0.1.el8 (AXSA:2021-1536:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1536:01 advisory. nss: Side channel attack on ECDSA signature generation CVE-2020-6829 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular...

nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...

nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...

nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...

nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...