Headline
RHSA-2023:1252: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
発行日:
2023-03-15
更新日:
2023-03-15
RHSA-2023:1252 - Security Advisory
- 概要
- 更新パッケージ
概要
Important: nss security update
タイプ/重大度
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
トピック
An update for nss is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
説明
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):
- nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
解決法
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.
影響を受ける製品
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
修正
- BZ - 2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12
参考資料
- https://access.redhat.com/security/updates/classification/#important
Red Hat Enterprise Linux for x86_64 8
SRPM
nss-3.79.0-11.el8_7.src.rpm
SHA-256: 13fd3bca77afdbf48873a4318813a8436b7017892718dce50a90e6fd8ff7e0af
x86_64
nss-3.79.0-11.el8_7.i686.rpm
SHA-256: 0dc6897a16bf1b1cb3578d4d6cbf6fd2d295bc755d23a5a0706b075f1886c098
nss-3.79.0-11.el8_7.x86_64.rpm
SHA-256: e68f233d67a101babded12e19f568ea8e0e30f3ca8da6f96d42287d8ba548040
nss-debuginfo-3.79.0-11.el8_7.i686.rpm
SHA-256: a26165c8a6d65445a1a898c4ecf9ed496d199ae4f52dd8984047ea6706e31323
nss-debuginfo-3.79.0-11.el8_7.x86_64.rpm
SHA-256: b5c1bb3517cc511010654dd49775130264842d48e043d15e36b35aaf7c7e3e26
nss-debugsource-3.79.0-11.el8_7.i686.rpm
SHA-256: 86658e9a2e21ec35c2796a457b8450c8cf3c34307c974091fb032476a6472516
nss-debugsource-3.79.0-11.el8_7.x86_64.rpm
SHA-256: d69622e7344f9b77f3b162c253a6264e25bf9bedf6f824f3c637410eaab5b536
nss-devel-3.79.0-11.el8_7.i686.rpm
SHA-256: d501028b63645e9e68e9fe6c4f68110a7f216cd20bac7cbbc0af56e5a789706a
nss-devel-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 3af891f28cf53b4054e64a01ba3916a8cbf3a55b67475cea863956f7623b601d
nss-softokn-3.79.0-11.el8_7.i686.rpm
SHA-256: fb082a2f947f2c9135e753975100e959779e8dfd981b3192f20298ad48c05fdc
nss-softokn-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 45e31b8df5e368763c645c4fefed0682ec852130f1101ab8f2b4e0ffbd3edfb9
nss-softokn-debuginfo-3.79.0-11.el8_7.i686.rpm
SHA-256: 1536f352ee60e8b1288ac39b66b791b37b9383914963bc48ec155f77a14da13f
nss-softokn-debuginfo-3.79.0-11.el8_7.x86_64.rpm
SHA-256: a5caeaa8db3789b592478e4deeed0a420e996117ec972c282b00b54dcf7786ba
nss-softokn-devel-3.79.0-11.el8_7.i686.rpm
SHA-256: 2cea5d030a044adf956ed6e1133470f8aeb9b88ba0727ea878ff81c5c4658129
nss-softokn-devel-3.79.0-11.el8_7.x86_64.rpm
SHA-256: fb5836231ac4ad3ff35ed2c31c215aca3a5d26d2abe6e8eef00423abcf3639e1
nss-softokn-freebl-3.79.0-11.el8_7.i686.rpm
SHA-256: 83a99c38a9622083bba853d07ea7f7cb3e1c5655b4829d7f58e5d8978252b729
nss-softokn-freebl-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 91c0dfdb2a369ffbab0ab373f42e162774179e75ea2aa44b7ae6be33a9f39abf
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.i686.rpm
SHA-256: 73c1eadeb528b146d74f9a1154ad8d82b03d8a3d61302fcfab9651027dbcb795
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 0c453bac6c003645d1600bbdc10b5cb8b759ef314be0e427103c064c04222fd2
nss-softokn-freebl-devel-3.79.0-11.el8_7.i686.rpm
SHA-256: a11c8a4e2b749f6333d84be4be7ccb6920b1d35249fdcc68933d337552ca8392
nss-softokn-freebl-devel-3.79.0-11.el8_7.x86_64.rpm
SHA-256: eed0a78626019bf0f800d5c04c79eeecff6bc6d849388f1916f13df8d48cf3cd
nss-sysinit-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 71a1c1ea6dee82fcf13b2f59afa4ed96c566b1e4ee28a8ec3e537dcbb4829c91
nss-sysinit-debuginfo-3.79.0-11.el8_7.i686.rpm
SHA-256: 094806dc078893c23e1c44cc9ca2218ea1434db34f1c926d4134c045177c2b0b
nss-sysinit-debuginfo-3.79.0-11.el8_7.x86_64.rpm
SHA-256: d0e8dd9e23a57c0f7813fb5af6469c53ff4ced28ef34eeb6faa51accd6c9d39f
nss-tools-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 3235f8f329938596a6a67d0deb3479c1f6468484e5243c087b24c991e7b96964
nss-tools-debuginfo-3.79.0-11.el8_7.i686.rpm
SHA-256: d5b8fd77f027970d8b58d663345a872032ed4a3d25dd4cde4d32a03a10063681
nss-tools-debuginfo-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 777ab1e7c7ef8ca91c7a97a434edf52522d718125aca60950120f8912ec76014
nss-util-3.79.0-11.el8_7.i686.rpm
SHA-256: 554ab58a59673dbf0be4abaa7dea6d12dfec8cef794a9777b276062b768b93df
nss-util-3.79.0-11.el8_7.x86_64.rpm
SHA-256: c2f9760839408f3d272002873f5d6757cce6a638b65fc7c81dbcda363cede8b3
nss-util-debuginfo-3.79.0-11.el8_7.i686.rpm
SHA-256: d9ed53d9e9be40e5cc57f661831c76288ded9eb54d5d4035540df438b43481cb
nss-util-debuginfo-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 10532ec754c1396f6e87a6bbf5c1fa51523be5ea2ae754979c30f9bcd2190187
nss-util-devel-3.79.0-11.el8_7.i686.rpm
SHA-256: bf817b4e34d9f5ef8f40eadb970f782b2a9b5b9475d26bd0bf3f42ab08bdf113
nss-util-devel-3.79.0-11.el8_7.x86_64.rpm
SHA-256: 242836d35e668adb3c370ce5335d45b77c261257a8930e8ec4416860ebcce2f7
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
nss-3.79.0-11.el8_7.src.rpm
SHA-256: 13fd3bca77afdbf48873a4318813a8436b7017892718dce50a90e6fd8ff7e0af
s390x
nss-3.79.0-11.el8_7.s390x.rpm
SHA-256: 4e7c5f669f39f417264e2ec4f65cbafe8b8bfe4a13ab15d83fd4c3bb1c6091dc
nss-debuginfo-3.79.0-11.el8_7.s390x.rpm
SHA-256: b9175629348e778f9c45da13054321653f6a204737392e0c4e00aad8231619d3
nss-debugsource-3.79.0-11.el8_7.s390x.rpm
SHA-256: 50b30e76733b3385ec3e402a20306af080b82c3becf97712fd6f3d6ed5d5c399
nss-devel-3.79.0-11.el8_7.s390x.rpm
SHA-256: 5fba1a5e120f490e523bbe09ea141ea11e8974c7c6b06cad98eb93f2b6b72bdd
nss-softokn-3.79.0-11.el8_7.s390x.rpm
SHA-256: 81d69953fba614430aa3fc373d1acea5622ce83bcc829d5dfdaee4a0570e56b5
nss-softokn-debuginfo-3.79.0-11.el8_7.s390x.rpm
SHA-256: fb7fa8f83afb24140e0fd3f1c3a0346dbea32f478ac9414bc718a91dd2848191
nss-softokn-devel-3.79.0-11.el8_7.s390x.rpm
SHA-256: f2960b953e21ef3fd15c76fde8a2856105a05a33a0b554b67532d255b417ca67
nss-softokn-freebl-3.79.0-11.el8_7.s390x.rpm
SHA-256: 961427eb50eedc89dd5c023756730eff9dcb75ab10e6cafba3c2fbd3b53280a2
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.s390x.rpm
SHA-256: 660be2bc3696abe3595cbc24cab714885891dc914e292a14ddee8ec14744b103
nss-softokn-freebl-devel-3.79.0-11.el8_7.s390x.rpm
SHA-256: 2e488d3ccc48e6ef7d38253a1a305164f299cf8363f3c82bebfcf4adc53ad680
nss-sysinit-3.79.0-11.el8_7.s390x.rpm
SHA-256: 02b976b552cbbb468ee88bae1374c244c24cf665300e894cfaacf37a2acc9253
nss-sysinit-debuginfo-3.79.0-11.el8_7.s390x.rpm
SHA-256: 6bfb85eb9ff7973241f837775405b6e52326f39c7b7c94d84ff5ad472166688f
nss-tools-3.79.0-11.el8_7.s390x.rpm
SHA-256: df4257ca754414c9f08110d0121fb935c97013007a9fcc52b980b04d5d65a40f
nss-tools-debuginfo-3.79.0-11.el8_7.s390x.rpm
SHA-256: d2847a41baf3e654d533f877f757fdec1a21d786e217d25da407ca4120e84918
nss-util-3.79.0-11.el8_7.s390x.rpm
SHA-256: 87735bbbfe0e2ccc34fd123fe1b62f217255c15fde8d8849914b48f34ce907cb
nss-util-debuginfo-3.79.0-11.el8_7.s390x.rpm
SHA-256: 1041a65a1cccd2296fee6d039d3d4fd573a45491667b4c8a2419ac0718e67140
nss-util-devel-3.79.0-11.el8_7.s390x.rpm
SHA-256: ad762837874da35f5f42c618099fa4d259cfaa2a5476ca9ee84efdf0ce114c07
Red Hat Enterprise Linux for Power, little endian 8
SRPM
nss-3.79.0-11.el8_7.src.rpm
SHA-256: 13fd3bca77afdbf48873a4318813a8436b7017892718dce50a90e6fd8ff7e0af
ppc64le
nss-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 07e750f58cd6ff79dfa4c42f8c69d7b70bf3687be88180f8d9bb85cf922ea180
nss-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 19fac32658d7d35fca0752467c0245bc61a29ea5f79994701d625c68123e45b1
nss-debugsource-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 481f3f9e555d1447b0c449fc0a02d9a5a4cb531cecb994db1bbad5a7ce42da48
nss-devel-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 57b9ed85730d7e3c594ce023ddb0837d1a0d8636d8a373eb9c7104aa7e6b98b2
nss-softokn-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 4e617b5afe673002fd2751dc52a81ef898899f838ac8f48bc9ba643b2c56d91c
nss-softokn-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 93002ab7dd4575fb98043f73a781004ac78f3ea44789da517d29fb7a7ddc4a31
nss-softokn-devel-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 964f217d37be8b8e74b35902d7d2acecc9f4efd8a00e8e2de07fa8af493f0fa6
nss-softokn-freebl-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: a740f329d18121eafda1355ab46c1f735426190e22d976b1d5c51e68a428c143
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 63e2f54d7cf0fa33abc0b660c3f311298973231c252afc5bca2a138f83ed62ac
nss-softokn-freebl-devel-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 6f7a2c9a471a45e870fdebad390e1d47294e99b4085230097f48548edf4037c1
nss-sysinit-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 22b504f2057fdfe95580c60dc7ef5a728839d1dd7e109e6f259669f74289d701
nss-sysinit-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: bec1bd38ddd9eab94a598eca0229538e8c37106567c23c2e0bbd542857fe8b97
nss-tools-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 03a3ea98c8e00b9c47e49fd547d8fd82dbd40c2eb6cbc1c078fbc52d9afa961c
nss-tools-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: e45818a6db26e9ab45f6d0b1b15e47eca2c106bc84306e304ea1ae05aca04c2e
nss-util-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: dc1a91dbf20e477fffd4c7b94e8ac12b615c55d434212d1efd936990c11761c9
nss-util-debuginfo-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: b200fe841a7f306962e65fbb38e88c04ae04ad7aa894adb82a44194e074157bc
nss-util-devel-3.79.0-11.el8_7.ppc64le.rpm
SHA-256: 1ee0014cfd22370c60a67dbe045f46888c460fded6cbc1e3945cc218a88e0066
Red Hat Enterprise Linux for ARM 64 8
SRPM
nss-3.79.0-11.el8_7.src.rpm
SHA-256: 13fd3bca77afdbf48873a4318813a8436b7017892718dce50a90e6fd8ff7e0af
aarch64
nss-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 1c0f9c6e83a6e3dc4bcc39355b43a502c14473cf1a44918df3748eb1d13d364c
nss-debuginfo-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 000544f616f8dc96bff6659373573d2d4ad40f0ef9f57f116d2d268f14a3e407
nss-debugsource-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 5a38bf84c4ac2e30e1baaa310f593a40617728557a6ec6a11e84bc2b2fa9df8d
nss-devel-3.79.0-11.el8_7.aarch64.rpm
SHA-256: d49235c4a64f4852f6dd36e302c7bee794e5b8d16546c1c8445ba53d1e246e49
nss-softokn-3.79.0-11.el8_7.aarch64.rpm
SHA-256: b3f483c9a8c9252c5f55567e811e9318eacbe3619363838efb07023ddb7ef8d8
nss-softokn-debuginfo-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 2de43eb7f47d626f18b93101979a5755b32c3424ef54169c45b3591f5285a014
nss-softokn-devel-3.79.0-11.el8_7.aarch64.rpm
SHA-256: f64dd29f55b4c89aa8c649357cb5dc8403dcefd40e0ae61c18a93cdd1933e8e5
nss-softokn-freebl-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 3a443b2d2c0dc2482cf06445287fc81836711971def3dcdcac34d3369dfb1d2e
nss-softokn-freebl-debuginfo-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 7348ab6caf5be56de5d06dc03b6b1de9b496d718b128919f0a4d10b7f93bebdb
nss-softokn-freebl-devel-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 216ea5600f3e00bb21d8641db778fce606975ac96cd5001b90abab4fc6ef28dc
nss-sysinit-3.79.0-11.el8_7.aarch64.rpm
SHA-256: d6d3e9b3d0cc7c56fdebd35f259fbbf89f64db65fd90845f936bc86fc12853d0
nss-sysinit-debuginfo-3.79.0-11.el8_7.aarch64.rpm
SHA-256: e77c9e7e6a0af21ea588d63dedffb0062afa70373d7dde93afb713cfb3a65b83
nss-tools-3.79.0-11.el8_7.aarch64.rpm
SHA-256: d21f600a7fffdf3a1d378618b1c1a5e6d3926b50407994bc3b96d66278402ddf
nss-tools-debuginfo-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 0be5bb44a86703071502c1bab63fe9c9cf4081cf65ca35770b0f8b09e6342d47
nss-util-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 1c5dc62e97832463a69183f2db77766413a25f58b5f67105b22c500de813d783
nss-util-debuginfo-3.79.0-11.el8_7.aarch64.rpm
SHA-256: 37998185380c414fad45369eeeace0921827c82cd72d648599e1108dcdc03617
nss-util-devel-3.79.0-11.el8_7.aarch64.rpm
SHA-256: e708279c8564f1b4f0d107bdc9800ad248a4a1fe702ad957017993893ef3f44c
Red Hat のセキュリティーに関する連絡先は [email protected] です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。
Related news
When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Red Hat Security Advisory 2023-2098-01 - Multicluster Engine for Kubernetes 2.0.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Migration Toolkit for Applications 6.1.0 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3782: A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect ...
Red Hat OpenShift Container Platform release 4.9.59 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documen...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25751: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory ...
An update for nss is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
An update for nss is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Ubuntu Security Notice 5892-1 - It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause a NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. Christian Holler discovered that NSS incorrectly handled certain PKCS 12 certificated bundles. A remote attacker could use this issue to cause NSS to crash, leading to a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-0809-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0808-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0811-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0807-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only`...
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Se...
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only`...
An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Se...