RHSA-2023:1252: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Red Hat Security Data

Issued: 2023-03-15

Updated: 2023-03-15

RHSA-2023:1252 - Security Advisory

Synopsis

Important: nss security update

Type/Severity

Security Advisory: Important

Topic

An update for nss is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

  • nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12

References

  • https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux for x86_64 8

SRPM

  • nss-3.79.0-11.el8_7.src.rpm

x86_64

  • nss-3.79.0-11.el8_7.i686.rpm
  • nss-3.79.0-11.el8_7.x86_64.rpm
  • nss-debuginfo-3.79.0-11.el8_7.i686.rpm
  • nss-debuginfo-3.79.0-11.el8_7.x86_64.rpm
  • nss-debugsource-3.79.0-11.el8_7.i686.rpm
  • nss-debugsource-3.79.0-11.el8_7.x86_64.rpm
  • nss-devel-3.79.0-11.el8_7.i686.rpm
  • nss-devel-3.79.0-11.el8_7.x86_64.rpm
  • nss-softokn-3.79.0-11.el8_7.i686.rpm
  • nss-softokn-3.79.0-11.el8_7.x86_64.rpm
  • nss-softokn-debuginfo-3.79.0-11.el8_7.i686.rpm
  • nss-softokn-debuginfo-3.79.0-11.el8_7.x86_64.rpm
  • nss-softokn-devel-3.79.0-11.el8_7.i686.rpm
  • nss-softokn-devel-3.79.0-11.el8_7.x86_64.rpm
  • nss-softokn-freebl-3.79.0-11.el8_7.i686.rpm
  • nss-softokn-freebl-3.79.0-11.el8_7.x86_64.rpm
  • nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.i686.rpm
  • nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.x86_64.rpm
  • nss-softokn-freebl-devel-3.79.0-11.el8_7.i686.rpm
  • nss-softokn-freebl-devel-3.79.0-11.el8_7.x86_64.rpm
  • nss-sysinit-3.79.0-11.el8_7.x86_64.rpm
  • nss-sysinit-debuginfo-3.79.0-11.el8_7.i686.rpm
  • nss-sysinit-debuginfo-3.79.0-11.el8_7.x86_64.rpm
  • nss-tools-3.79.0-11.el8_7.x86_64.rpm
  • nss-tools-debuginfo-3.79.0-11.el8_7.i686.rpm
  • nss-tools-debuginfo-3.79.0-11.el8_7.x86_64.rpm
  • nss-util-3.79.0-11.el8_7.i686.rpm
  • nss-util-3.79.0-11.el8_7.x86_64.rpm
  • nss-util-debuginfo-3.79.0-11.el8_7.i686.rpm
  • nss-util-debuginfo-3.79.0-11.el8_7.x86_64.rpm
  • nss-util-devel-3.79.0-11.el8_7.i686.rpm
  • nss-util-devel-3.79.0-11.el8_7.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

  • nss-3.79.0-11.el8_7.src.rpm

s390x

  • nss-3.79.0-11.el8_7.s390x.rpm
  • nss-debuginfo-3.79.0-11.el8_7.s390x.rpm
  • nss-debugsource-3.79.0-11.el8_7.s390x.rpm
  • nss-devel-3.79.0-11.el8_7.s390x.rpm
  • nss-softokn-3.79.0-11.el8_7.s390x.rpm
  • nss-softokn-debuginfo-3.79.0-11.el8_7.s390x.rpm
  • nss-softokn-devel-3.79.0-11.el8_7.s390x.rpm
  • nss-softokn-freebl-3.79.0-11.el8_7.s390x.rpm
  • nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.s390x.rpm
  • nss-softokn-freebl-devel-3.79.0-11.el8_7.s390x.rpm
  • nss-sysinit-3.79.0-11.el8_7.s390x.rpm
  • nss-sysinit-debuginfo-3.79.0-11.el8_7.s390x.rpm
  • nss-tools-3.79.0-11.el8_7.s390x.rpm
  • nss-tools-debuginfo-3.79.0-11.el8_7.s390x.rpm
  • nss-util-3.79.0-11.el8_7.s390x.rpm
  • nss-util-debuginfo-3.79.0-11.el8_7.s390x.rpm
  • nss-util-devel-3.79.0-11.el8_7.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • nss-3.79.0-11.el8_7.src.rpm

ppc64le

  • nss-3.79.0-11.el8_7.ppc64le.rpm
  • nss-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
  • nss-debugsource-3.79.0-11.el8_7.ppc64le.rpm
  • nss-devel-3.79.0-11.el8_7.ppc64le.rpm
  • nss-softokn-3.79.0-11.el8_7.ppc64le.rpm
  • nss-softokn-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
  • nss-softokn-devel-3.79.0-11.el8_7.ppc64le.rpm
  • nss-softokn-freebl-3.79.0-11.el8_7.ppc64le.rpm
  • nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
  • nss-softokn-freebl-devel-3.79.0-11.el8_7.ppc64le.rpm
  • nss-sysinit-3.79.0-11.el8_7.ppc64le.rpm
  • nss-sysinit-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
  • nss-tools-3.79.0-11.el8_7.ppc64le.rpm
  • nss-tools-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
  • nss-util-3.79.0-11.el8_7.ppc64le.rpm
  • nss-util-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
  • nss-util-devel-3.79.0-11.el8_7.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

  • nss-3.79.0-11.el8_7.src.rpm

aarch64

  • nss-3.79.0-11.el8_7.aarch64.rpm
  • nss-debuginfo-3.79.0-11.el8_7.aarch64.rpm
  • nss-debugsource-3.79.0-11.el8_7.aarch64.rpm
  • nss-devel-3.79.0-11.el8_7.aarch64.rpm
  • nss-softokn-3.79.0-11.el8_7.aarch64.rpm
  • nss-softokn-debuginfo-3.79.0-11.el8_7.aarch64.rpm
  • nss-softokn-devel-3.79.0-11.el8_7.aarch64.rpm
  • nss-softokn-freebl-3.79.0-11.el8_7.aarch64.rpm
  • nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.aarch64.rpm
  • nss-softokn-freebl-devel-3.79.0-11.el8_7.aarch64.rpm
  • nss-sysinit-3.79.0-11.el8_7.aarch64.rpm
  • nss-sysinit-debuginfo-3.79.0-11.el8_7.aarch64.rpm
  • nss-tools-3.79.0-11.el8_7.aarch64.rpm
  • nss-tools-debuginfo-3.79.0-11.el8_7.aarch64.rpm
  • nss-util-3.79.0-11.el8_7.aarch64.rpm
  • nss-util-debuginfo-3.79.0-11.el8_7.aarch64.rpm
  • nss-util-devel-3.79.0-11.el8_7.aarch64.rpm

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
