RHSA-2021:1026: Red Hat Security Advisory: nss-softokn security update

An update for nss-softokn is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es):

• nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
• nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
• nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2019-11756: nss: Use-after-free in sftk_FreeSession due to improper refcounting
• CVE-2019-17006: nss: Check length of inputs for cryptographic primitives
• CVE-2020-12403: nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read