RHSA-2019:4114: Important: nss security update
Published Dec 9, 2019
·Updated
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.Security Fix(es): nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSCEncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
68 affected componentsFixes available
redhat/nss<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-debugsource<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-debugsource<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-sysinit<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-sysinit-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-sysinit-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-tools<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-tools-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-tools-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-sysinit<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-tools<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-debugsource<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-softokn-freebl-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-sysinit<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-sysinit-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-tools<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-tools-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util-debuginfo<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss-util-devel<3.44.0-9.el8_1
3.44.0-9.el8_1
redhat/nss<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-debuginfo<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-debugsource<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-devel<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-softokn<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-softokn-debuginfo<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-softokn-devel<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-softokn-freebl<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-softokn-freebl-debuginfo<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-softokn-freebl-devel<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-sysinit<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-sysinit-debuginfo<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-tools<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-tools-debuginfo<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-util<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-util-debuginfo<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
redhat/nss-util-devel<3.44.0-9.el8_1.aa
3.44.0-9.el8_1.aa
Remediation
Event History
Dec 9, 2019
Advisory Published
via Red Hat·12:00 AM
Frequently Asked Questions
1
What is the severity of RHSA-2019:4114?
The severity of RHSA-2019:4114 is classified as important.
2
How do I fix RHSA-2019:4114?
You can fix RHSA-2019:4114 by updating to the package version 3.44.0-9.el8_1 or later.
3
Which packages are affected by RHSA-2019:4114?
The affected packages include nss, nss-debuginfo, nss-softokn, and several related development and debugging packages.
4
What vulnerability does RHSA-2019:4114 address?
RHSA-2019:4114 addresses an out-of-bounds write vulnerability in Network Security Services (NSS) libraries.
5
Is the fix for RHSA-2019:4114 available for all architectures?
Yes, the fix for RHSA-2019:4114 is available for multiple architectures, including x86_64 and ppc64le.