Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.4610
nss, nss-softokn, nss-util security update
11 December 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: nss, nss-softokn, nss-util
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux WS/Desktop 7
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Red Hat Enterprise Linux Server 7
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11745 CVE-2019-11729
Reference: ASB-2019.0191
ASB-2019.0190
ESB-2019.4594
Original Bulletin:
https://access.redhat.com/errata/RHSA-2019:4190
https://access.redhat.com/errata/RHSA-2019:4152
Comment: This bulletin contains two (2) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: nss, nss-softokn, nss-util security update
Advisory ID: RHSA-2019:4190-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4190
Issue date: 2019-12-10
CVE Names: CVE-2019-11729 CVE-2019-11745
=====================================================================
1. Summary:
An update for nss, nss-softokn, and nss-util is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
The nss-softokn package provides the Network Security Services Softoken
Cryptographic Module.
The nss-util packages provide utilities for use with the Network Security
Services (NSS) libraries.
Security Fix(es):
* nss: Out-of-bounds write when passing an output buffer smaller than the
block size to NSC_EncryptUpdate (CVE-2019-11745)
* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation
fault (CVE-2019-11729)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS (for example, Firefox)
must be restarted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
nss-3.44.0-7.el7_7.src.rpm
nss-softokn-3.44.0-8.el7_7.src.rpm
nss-util-3.44.0-4.el7_7.src.rpm
x86_64:
nss-3.44.0-7.el7_7.i686.rpm
nss-3.44.0-7.el7_7.x86_64.rpm
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-3.44.0-8.el7_7.i686.rpm
nss-softokn-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
nss-tools-3.44.0-7.el7_7.x86_64.rpm
nss-util-3.44.0-4.el7_7.i686.rpm
nss-util-3.44.0-4.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-devel-3.44.0-7.el7_7.i686.rpm
nss-devel-3.44.0-7.el7_7.x86_64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
nss-util-devel-3.44.0-4.el7_7.i686.rpm
nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
nss-3.44.0-7.el7_7.src.rpm
nss-softokn-3.44.0-8.el7_7.src.rpm
nss-util-3.44.0-4.el7_7.src.rpm
x86_64:
nss-3.44.0-7.el7_7.i686.rpm
nss-3.44.0-7.el7_7.x86_64.rpm
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-3.44.0-8.el7_7.i686.rpm
nss-softokn-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
nss-tools-3.44.0-7.el7_7.x86_64.rpm
nss-util-3.44.0-4.el7_7.i686.rpm
nss-util-3.44.0-4.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-devel-3.44.0-7.el7_7.i686.rpm
nss-devel-3.44.0-7.el7_7.x86_64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
nss-util-devel-3.44.0-4.el7_7.i686.rpm
nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
nss-3.44.0-7.el7_7.src.rpm
nss-softokn-3.44.0-8.el7_7.src.rpm
nss-util-3.44.0-4.el7_7.src.rpm
ppc64:
nss-3.44.0-7.el7_7.ppc.rpm
nss-3.44.0-7.el7_7.ppc64.rpm
nss-debuginfo-3.44.0-7.el7_7.ppc.rpm
nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm
nss-devel-3.44.0-7.el7_7.ppc.rpm
nss-devel-3.44.0-7.el7_7.ppc64.rpm
nss-softokn-3.44.0-8.el7_7.ppc.rpm
nss-softokn-3.44.0-8.el7_7.ppc64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.ppc.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64.rpm
nss-softokn-devel-3.44.0-8.el7_7.ppc.rpm
nss-softokn-devel-3.44.0-8.el7_7.ppc64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.ppc.rpm
nss-softokn-freebl-3.44.0-8.el7_7.ppc64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64.rpm
nss-sysinit-3.44.0-7.el7_7.ppc64.rpm
nss-tools-3.44.0-7.el7_7.ppc64.rpm
nss-util-3.44.0-4.el7_7.ppc.rpm
nss-util-3.44.0-4.el7_7.ppc64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.ppc.rpm
nss-util-debuginfo-3.44.0-4.el7_7.ppc64.rpm
nss-util-devel-3.44.0-4.el7_7.ppc.rpm
nss-util-devel-3.44.0-4.el7_7.ppc64.rpm
ppc64le:
nss-3.44.0-7.el7_7.ppc64le.rpm
nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm
nss-devel-3.44.0-7.el7_7.ppc64le.rpm
nss-softokn-3.44.0-8.el7_7.ppc64le.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64le.rpm
nss-softokn-devel-3.44.0-8.el7_7.ppc64le.rpm
nss-softokn-freebl-3.44.0-8.el7_7.ppc64le.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64le.rpm
nss-sysinit-3.44.0-7.el7_7.ppc64le.rpm
nss-tools-3.44.0-7.el7_7.ppc64le.rpm
nss-util-3.44.0-4.el7_7.ppc64le.rpm
nss-util-debuginfo-3.44.0-4.el7_7.ppc64le.rpm
nss-util-devel-3.44.0-4.el7_7.ppc64le.rpm
s390x:
nss-3.44.0-7.el7_7.s390.rpm
nss-3.44.0-7.el7_7.s390x.rpm
nss-debuginfo-3.44.0-7.el7_7.s390.rpm
nss-debuginfo-3.44.0-7.el7_7.s390x.rpm
nss-devel-3.44.0-7.el7_7.s390.rpm
nss-devel-3.44.0-7.el7_7.s390x.rpm
nss-softokn-3.44.0-8.el7_7.s390.rpm
nss-softokn-3.44.0-8.el7_7.s390x.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.s390.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.s390x.rpm
nss-softokn-devel-3.44.0-8.el7_7.s390.rpm
nss-softokn-devel-3.44.0-8.el7_7.s390x.rpm
nss-softokn-freebl-3.44.0-8.el7_7.s390.rpm
nss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm
nss-sysinit-3.44.0-7.el7_7.s390x.rpm
nss-tools-3.44.0-7.el7_7.s390x.rpm
nss-util-3.44.0-4.el7_7.s390.rpm
nss-util-3.44.0-4.el7_7.s390x.rpm
nss-util-debuginfo-3.44.0-4.el7_7.s390.rpm
nss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm
nss-util-devel-3.44.0-4.el7_7.s390.rpm
nss-util-devel-3.44.0-4.el7_7.s390x.rpm
x86_64:
nss-3.44.0-7.el7_7.i686.rpm
nss-3.44.0-7.el7_7.x86_64.rpm
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-devel-3.44.0-7.el7_7.i686.rpm
nss-devel-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-3.44.0-8.el7_7.i686.rpm
nss-softokn-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
nss-tools-3.44.0-7.el7_7.x86_64.rpm
nss-util-3.44.0-4.el7_7.i686.rpm
nss-util-3.44.0-4.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
nss-util-devel-3.44.0-4.el7_7.i686.rpm
nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
nss-debuginfo-3.44.0-7.el7_7.ppc.rpm
nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm
ppc64le:
nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm
s390x:
nss-debuginfo-3.44.0-7.el7_7.s390.rpm
nss-debuginfo-3.44.0-7.el7_7.s390x.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm
x86_64:
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
nss-3.44.0-7.el7_7.src.rpm
nss-softokn-3.44.0-8.el7_7.src.rpm
nss-util-3.44.0-4.el7_7.src.rpm
x86_64:
nss-3.44.0-7.el7_7.i686.rpm
nss-3.44.0-7.el7_7.x86_64.rpm
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-devel-3.44.0-7.el7_7.i686.rpm
nss-devel-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-3.44.0-8.el7_7.i686.rpm
nss-softokn-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
nss-tools-3.44.0-7.el7_7.x86_64.rpm
nss-util-3.44.0-4.el7_7.i686.rpm
nss-util-3.44.0-4.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
nss-util-devel-3.44.0-4.el7_7.i686.rpm
nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11729
https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXe/GMNzjgjWX9erEAQjtKBAAk1TZvBRRA8ZC4B0U49uerK/eMM24Q4xR
PQWxuobDF/YzpJVZqDolO6CfRTBSnDHEuc/OkK0fC8Yskk0T9cp0DWAkHnUal0wB
Zmd61xW4IGSHtEH+g7K8Rv0q8Mto5AeC1hggOwT+0INvRAAa/Qm0c7m0+OSyLIZi
lgk9DLa+srY/6Z2wETS4b7DQiUA2nXegb7CbbnM0Mo2aooPeljsq6pkvyZy2Na0/
MMl/Xo8BWqU0lGrIBgVmrNRLMVkDJfVm7wSvBLaYk9EP758DfRLikm+GpGCowFUf
+60rIxp1iG4Hto7BqusUwmJmdw6fDGeoJSX/qQu3ZHFbpEsd9HCzzGKg9QFmF/yY
N4RWrM4KRMwqHG4qTpDYypKDn5QCGzh1dZuYQJ2gYLmHCBnTzrV0bDJtrzbUWwTx
eFX1YLv4Vw6oYwT1cAx3Ho2B3kpufVezAzfUhtw8uj20Ix1B0NHDcCszNAFWrE8T
QZ4BVVAzjl6xJoZSnjIQ+aBe3zVBW5P6yBhnqWUxS0VuGS3gbS6uPBMusr81sGK6
TjvPP+l8Ss6DQJic42+xruw8g8XqDqnUv3V12iTcOhqPtM7vmzExdMX5wXJ48lo9
Yl6UYkr6P4pM/vNQjgqD7UGud2ILthlwKzqdg9l4DZiA4pctAvAQtgEaL6783OK6
7R6thlrPkII=
=KHlQ
- -----END PGP SIGNATURE-----
- -----------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: nss-softokn security update
Advisory ID: RHSA-2019:4152-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4152
Issue date: 2019-12-10
CVE Names: CVE-2019-11745
=====================================================================
1. Summary:
An update for nss-softokn is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
The nss-softokn package provides the Network Security Services Softoken
Cryptographic Module.
Security Fix(es):
* nss: Out-of-bounds write when passing an output buffer smaller than the
block size to NSC_EncryptUpdate (CVE-2019-11745)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
nss-softokn-3.44.0-6.el6_10.src.rpm
i386:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
x86_64:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
x86_64:
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
nss-softokn-3.44.0-6.el6_10.src.rpm
x86_64:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
nss-softokn-3.44.0-6.el6_10.src.rpm
i386:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
ppc64:
nss-softokn-3.44.0-6.el6_10.ppc.rpm
nss-softokn-3.44.0-6.el6_10.ppc64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm
nss-softokn-devel-3.44.0-6.el6_10.ppc.rpm
nss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm
nss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm
s390x:
nss-softokn-3.44.0-6.el6_10.s390.rpm
nss-softokn-3.44.0-6.el6_10.s390x.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm
nss-softokn-devel-3.44.0-6.el6_10.s390.rpm
nss-softokn-devel-3.44.0-6.el6_10.s390x.rpm
nss-softokn-freebl-3.44.0-6.el6_10.s390.rpm
nss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm
x86_64:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
nss-softokn-3.44.0-6.el6_10.src.rpm
i386:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
x86_64:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXe+MiNzjgjWX9erEAQiepQ/7BesVlTbWtK/e4tqUqQ2WADoCPilxvBo5
lQ/zdsIXw069qAzU/GutaUM3DN7qvxSDCtxOTeQy605jkHYnV1HPjIXxYkug6ETV
atrTxcph7BwV5w3sS4D+/N7FvYaGfluSQL65lihS3VNvtiA3excFw3hyaPeI/miM
N7+ZHE+kD3vFL2DL6gOMTa/FGfa2w55ka0ODEpL9xCm+vBwVEyNAYVZqzfDQdWwz
5gWlJd7NEJq1qqrNlMuwOrn3YYd2R9VPcrYEvoNRW/Dcf5BNstDmadIPAVcsG1rT
Me5PeII3MRIHLEkgYGFNmrxcctWSdC1VIuMsSUdC1lKnqZSpHMq4JjaNfjh3TAtg
2Avl2Jyhm1N56h6OsQo/UX2A7vRdGfgmVlv5jkFBYvjdilLmFQRCzouyJMAXmbZu
pUAqowHA9cN3RUYU7so7cU/4AKI3nlsHpH1o1ExICEUclsKn2rnxJquGMxhsVxEv
rnv9JKH4IuGKBxt0KTUZRLYsSdHdbrAhlHvanLCi9px7KvqTNIMpblijHLe/1OqD
9mVJjZpCAIJ3et+qPKzfdnjd76UqWbndQlgAwlVN07XODHBLSZkh0iY1nT1Az/WN
+wo3O48nWAzPvg2H5jy/+zq7mLI16W0t2mG8rUXHR2Don93Efomtbs7sFDxiiMOP
Iowc4iq7Yac=
=lxBi
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXfBUq2aOgq3Tt24GAQjV2xAA1qne3lMg11ZCzkj3hWgYwkA3Slkyxb6v
RMkjFDR4p7HkkL8Dt+4btrArLEMNRfysdS5sO/Ww4Legddho/e2iuY9Xzb1wyK10
6MpWjeMyUfxUouvxsO691KWaODn6KjXqzcDZjiyUjnZIeVX1L4bSvdb8XY1Vi9eO
WmZ8BGerFDbzz0IxKVoUF1riMK9fvPnLjLeSjKxKv6C9L4IZCSd5qLaZcRObwmC9
NR6/eqVjKXz4p/0MkrhE5tkMkfLSx3AYqyEP3NSFOus7MTpFhwvABBqCTwH/ZwAW
VATNA5SJdvJQ47nA+UYlG5rIkATS5B9RXyw1ssbMbFkBMbWetpk+rowKYQyQEZNa
sVYKK5AYVzql5f0dA/SXqg5emfMS4NSgSNf+zsHQud6zaxGLbWrVUmUWZrBE68jl
4QDdHk28Hgch/XFbEHMtsqehVgs0hfD2aMdtmd9bJ9+P6LDXWSbPWEoyIC2MhSaI
TZwABLQACHxXKsyCu2GGd0jx64pI7wtYPdF4VyCvLAyD3sMO9ryl3T4cdy4cjX53
ka+EVSnpfJtNfsb926akOPk6KGobGLWWlzpqICOpl3dp2c8UcRtSBPAJseRrr7UN
z2L3eQt5ubjCCxOCINa65R0yhxOn66JMJPCkHww0ROHyri2QdOR5c/HLhj/pFlpy
Z2upKDE0cOc=
=oA62
-----END PGP SIGNATURE-----