RHSA-2023:1366: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.

Issued: 2023-03-21

Updated: 2023-03-21

RHSA-2023:1366 - Security Advisory

Synopsis

Important: nss security update

Type/Severity

Security Advisory: Important

Topic

An update for nss is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

  • nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM

nss-3.44.0-13.el6_10.src.rpm

SHA-256: 2233aded7fcf6911318215c3cc669f8c9cf26740e90ca5be765a2d897a7c0d01

x86_64

nss-3.44.0-13.el6_10.i686.rpm

SHA-256: bde230e8bbbf7a36fdc5e27a40553bba7845ba7d74623c6edfa341b97105ab1b

nss-3.44.0-13.el6_10.x86_64.rpm

SHA-256: 42cbf1f4dcf0f2dca7d6b80fdbf7ccb0613eb064fd067061aa715e0eac03d086

nss-debuginfo-3.44.0-13.el6_10.i686.rpm

SHA-256: 2bf686a88109b52a02b330f11d22424f2a8ae2c6011b103ecd38c3cc479995dd

nss-debuginfo-3.44.0-13.el6_10.x86_64.rpm

SHA-256: 93d3ecf68807d1fcd5df00b1c7cb3030e2e642cbb1e8ff1e3f408f982e6fd784

nss-devel-3.44.0-13.el6_10.i686.rpm

SHA-256: f524729e387eb3ca77fc80b6ce887e031bef031038b529f71ce3dc117c5cedc0

nss-devel-3.44.0-13.el6_10.x86_64.rpm

SHA-256: f6f1eef1f680d887e5ebabcdbffc93dd6748b2a7615c1521bbe2680bd0a48513

nss-pkcs11-devel-3.44.0-13.el6_10.i686.rpm

SHA-256: 320ceb5245add477ad08db44321f3d8c70e29c7ad19f235e8cfb0885ad6d9349

nss-pkcs11-devel-3.44.0-13.el6_10.x86_64.rpm

SHA-256: ea0e454730b84b02f5c5bdb76f776f47552bf52eb7f51ebb3457986c5fcedda7

nss-sysinit-3.44.0-13.el6_10.x86_64.rpm

SHA-256: 316184c06cd100f4a1842a501ac901f94d09058fdae05ee1189653dc3079f70b

nss-tools-3.44.0-13.el6_10.x86_64.rpm

SHA-256: 22dea0a9fd47bb41e480a733834751bbfdb0266d5d73524ed26398b379d09d90

i386

nss-3.44.0-13.el6_10.i686.rpm

SHA-256: bde230e8bbbf7a36fdc5e27a40553bba7845ba7d74623c6edfa341b97105ab1b

nss-debuginfo-3.44.0-13.el6_10.i686.rpm

SHA-256: 2bf686a88109b52a02b330f11d22424f2a8ae2c6011b103ecd38c3cc479995dd

nss-devel-3.44.0-13.el6_10.i686.rpm

SHA-256: f524729e387eb3ca77fc80b6ce887e031bef031038b529f71ce3dc117c5cedc0

nss-pkcs11-devel-3.44.0-13.el6_10.i686.rpm

SHA-256: 320ceb5245add477ad08db44321f3d8c70e29c7ad19f235e8cfb0885ad6d9349

nss-sysinit-3.44.0-13.el6_10.i686.rpm

SHA-256: c76ddfc5f230a2c5d6223442dc0434c7881006189def7f072e1fde4195a832dc

nss-tools-3.44.0-13.el6_10.i686.rpm

SHA-256: 7fbeeffb33c5a25bd798b774e581886d630f89738d62271b3209fab96ef01143

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM

nss-3.44.0-13.el6_10.src.rpm

SHA-256: 2233aded7fcf6911318215c3cc669f8c9cf26740e90ca5be765a2d897a7c0d01

s390x

nss-3.44.0-13.el6_10.s390.rpm

SHA-256: d6dd5f8cbd5f62f67e9c2138c9cb2228ea47f452351cc2412678d4048810082d

nss-3.44.0-13.el6_10.s390x.rpm

SHA-256: 7860e5b563d05ca19a89a537d5456bafb567e5ce805edb5bface3f7a72eae15a

nss-debuginfo-3.44.0-13.el6_10.s390.rpm

SHA-256: 39570052f79bff987f0adc217acdf28053295c7d76f3c18c893cded1a308bfe2

nss-debuginfo-3.44.0-13.el6_10.s390x.rpm

SHA-256: 6742d863d4694c5c3e6335c821c7efcbcf91c8fa89be3635a9e2e04124385c03

nss-devel-3.44.0-13.el6_10.s390.rpm

SHA-256: c477658d9a13731f3e8ca3f464524ab84b089bb4f5136855f202addd3817c858

nss-devel-3.44.0-13.el6_10.s390x.rpm

SHA-256: c30adc9be0a65c43a3f904e229916e9a243638f8f17282a768d4ca2b3c7b8cbe

nss-pkcs11-devel-3.44.0-13.el6_10.s390.rpm

SHA-256: 4f3deeee5a06634758decaf9156ed3538843d408965d2b9e28ae9bd31ee817c9

nss-pkcs11-devel-3.44.0-13.el6_10.s390x.rpm

SHA-256: adff3aba752004a7cd900226b093d7a61072d7f1169c74eb9277ea3fad0f3ede

nss-sysinit-3.44.0-13.el6_10.s390x.rpm

SHA-256: 08dd36aebe022031ffcfec65825400b230c808f20c711cbc92a1b0a53d15cfba

nss-tools-3.44.0-13.el6_10.s390x.rpm

SHA-256: 57ccbffbd8a636f2afef24567afed380418aea3ce578a9f14e31a7f13a283390

The Red Hat security contact address and further contact details are listed at https://access.redhat.com/security/team/contact/.
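The advisory gives three things a practitioner acts on: the fixed package version-release (nss-3.44.0-13.el6_10), the SHA-256 of each package, and the note in the Solution section that anything linked against NSS keeps running the old code until it is restarted. The POSIX shell script below is an added example, not part of the advisory or of Red Hat's tooling. It checks whether an installed nss version-release is at or above the fixed one (using a simplified dotted-numeric comparison, not rpm's full rpmvercmp), verifies a downloaded RPM against the x86_64 hashes copied from the table above, and lists processes whose memory maps still reference an unlinked libnss3.so and therefore need a restart. The hashes and package names come from this page; the function names, the `--run` flag and the `/proc` scan are this example's own.

```shell
#!/bin/sh
# Post-update checks for RHSA-2023:1366 (nss on RHEL 6 ELS).
# Example script, not part of the advisory; function names are this example's own.

FIXED_VERSION="3.44.0"
FIXED_RELEASE="13.el6_10"

# SHA-256 manifest copied from the advisory's x86_64 table (nss binary RPMs only).
ADVISORY_SHA256='
42cbf1f4dcf0f2dca7d6b80fdbf7ccb0613eb064fd067061aa715e0eac03d086  nss-3.44.0-13.el6_10.x86_64.rpm
bde230e8bbbf7a36fdc5e27a40553bba7845ba7d74623c6edfa341b97105ab1b  nss-3.44.0-13.el6_10.i686.rpm
316184c06cd100f4a1842a501ac901f94d09058fdae05ee1189653dc3079f70b  nss-sysinit-3.44.0-13.el6_10.x86_64.rpm
22dea0a9fd47bb41e480a733834751bbfdb0266d5d73524ed26398b379d09d90  nss-tools-3.44.0-13.el6_10.x86_64.rpm
'

# vercmp A B: print -1, 0 or 1 comparing dot-separated fields numerically.
# Simplified on purpose: non-numeric fields such as "el6_10" compare as 0.
# rpm itself uses rpmvercmp, which also orders alphabetic segments.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# nss_fixed VERSION-RELEASE: succeed if that version-release is at or above
# the fixed nss-3.44.0-13.el6_10.
nss_fixed() {
    v="${1%%-*}"
    r="${1#*-}"
    c=$(vercmp "$v" "$FIXED_VERSION")
    if [ "$c" -gt 0 ]; then return 0; fi
    if [ "$c" -lt 0 ]; then return 1; fi
    [ "$(vercmp "$r" "$FIXED_RELEASE")" -ge 0 ]
}

# expected_sha256 FILENAME: print the advisory hash for a package, or nothing.
expected_sha256() {
    printf '%s\n' "$ADVISORY_SHA256" | awk -v f="$1" '$2 == f { print $1 }'
}

# verify_rpm PATH: succeed only if the file's SHA-256 matches the advisory.
# This complements the GPG signature check (rpm -K / yum gpgcheck=1); it does
# not replace it.
verify_rpm() {
    want=$(expected_sha256 "$(basename "$1")")
    if [ -z "$want" ]; then
        echo "no advisory hash for $1" >&2
        return 2
    fi
    have=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$have" = "$want" ]
}

# stale_nss_pids [PROC_ROOT]: print PIDs whose maps still reference an
# unlinked libnss3.so. The kernel tags such mappings "(deleted)"; those
# processes execute the pre-update code until restarted. PROC_ROOT defaults
# to /proc and is a parameter only so the function can be run on a
# constructed tree.
stale_nss_pids() {
    root="${1:-/proc}"
    for m in "$root"/[0-9]*/maps; do
        [ -r "$m" ] || continue
        if grep -q 'libnss3\.so.*(deleted)' "$m" 2>/dev/null; then
            pid="${m%/maps}"
            echo "${pid##*/}"
        fi
    done
}

# audit_host: run the checks on the live system (needs rpm; root is needed to
# read other users' /proc/PID/maps). Returns 1 if anything still needs action.
audit_host() {
    rc=0
    if ! installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' nss 2>/dev/null); then
        echo "nss not installed or rpm unavailable" >&2
        return 2
    fi
    for nvr in $installed; do
        if nss_fixed "$nvr"; then
            echo "nss-$nvr: at or above fixed nss-$FIXED_VERSION-$FIXED_RELEASE"
        else
            echo "nss-$nvr: VULNERABLE, update to nss-$FIXED_VERSION-$FIXED_RELEASE"
            rc=1
        fi
    done
    for p in $(stale_nss_pids); do
        echo "pid $p still maps a pre-update libnss3.so: restart it"
        rc=1
    done
    return $rc
}

if [ "${1:-}" = "--run" ]; then
    audit_host
fi
```

Run it as `sh check-nss.sh --run` on the host after `yum update nss`; a clean result prints the installed version-release as fixed and no PIDs. The `(deleted)` marker in /proc/PID/maps is the reliable signal for the restart requirement in the Solution section: `yum` replacing the file does not change the code a running Firefox or any other NSS consumer has already mapped.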

Related news

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

Gentoo Linux Security Advisory 202305-35

Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions prior to 102.10.0:esr are affected.

Red Hat Security Advisory 2023-2098-01

Red Hat Security Advisory 2023-2098-01 - Multicluster Engine for Kubernetes 2.0.8 images. Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

RHSA-2023:2041: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.1.0 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...

Red Hat Security Advisory 2023-1525-01

Red Hat Security Advisory 2023-1525-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.59.

Red Hat Security Advisory 2023-1409-01

Red Hat Security Advisory 2023-1409-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.9.

RHSA-2023:1365: Red Hat Security Advisory: nss security and bug fix update

An update for nss is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.

Ubuntu Security Notice USN-5880-2

Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage a child iframe's unredacted URI when using the Content-Security-Policy-Report-Only header. An attacker could potentially exploit this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extension interaction via ExpandedPrincipals. An attacker could potentially exploit this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background scripts invoking requestFullscreen. An attacker could potentially exploit this issue to perf...

Red Hat Security Advisory 2023-0823-01

Red Hat Security Advisory 2023-0823-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-0812-01

Red Hat Security Advisory 2023-0812-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

RHSA-2023:0822: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacke...

RHSA-2023:0817: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted mes...

RHSA-2023:0818: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. ...

RHSA-2023:0811: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe...

RHSA-2023:0809: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Se...

Debian Security Advisory 5350-1

Debian Linux Security Advisory 5350-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.