Headline
RHSA-2023:1332: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
Synopsis
Important: nss security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for nss is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):
- nss: Arbitrary memory write via PKCS 12 (CVE-2023-0767)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2170377 - CVE-2023-0767 nss: Arbitrary memory write via PKCS 12
Red Hat Enterprise Linux Server 7
SRPM
nss-3.79.0-5.el7_9.src.rpm
SHA-256: 79cd0f072996d0fca1af29557448dc868fd3567bac5ae012950401920c1397f3
x86_64
nss-3.79.0-5.el7_9.i686.rpm
SHA-256: 63994738b9073902dd60b6f0bf013b4d112c6b7f77011a1fec4bab2fc1dd2227
nss-3.79.0-5.el7_9.x86_64.rpm
SHA-256: beb397d137fb28a4f9909bd0f611c3580dc254c7771c564426bbcd4b17502895
nss-debuginfo-3.79.0-5.el7_9.i686.rpm
SHA-256: 7dcf8abe5d240aef23ca2eae83502f3470aaf6969eca185eb6d5bd240668c38f
nss-debuginfo-3.79.0-5.el7_9.i686.rpm
SHA-256: 7dcf8abe5d240aef23ca2eae83502f3470aaf6969eca185eb6d5bd240668c38f
nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm
SHA-256: f8a1f34e397fcaee37500977c61196360b7c0252f95645974d254eb61f87d7f2
nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm
SHA-256: f8a1f34e397fcaee37500977c61196360b7c0252f95645974d254eb61f87d7f2
nss-devel-3.79.0-5.el7_9.i686.rpm
SHA-256: ec4e5e246f1d68c7e5e44a295b05022daaee42ae3b80612d04b1515c03d98f8c
nss-devel-3.79.0-5.el7_9.x86_64.rpm
SHA-256: fe14c2f2b3610a5f269619a98936420c0d94b1220f5a9db177ce47b0f0d58975
nss-pkcs11-devel-3.79.0-5.el7_9.i686.rpm
SHA-256: 8fb841c3bea6a141f21004f286b195cf1d87a85401da06a91f25595f7a2aee06
nss-pkcs11-devel-3.79.0-5.el7_9.x86_64.rpm
SHA-256: d2f5d447782cf7bb45e12f5af7d0087845e6b189c70f59d631cf31038e13189b
nss-sysinit-3.79.0-5.el7_9.x86_64.rpm
SHA-256: cb2ba4b8e0b63de69bc7ebccd1ed1e8bc58d3cfc678a11acec33770674eb0ad3
nss-tools-3.79.0-5.el7_9.x86_64.rpm
SHA-256: 7871d6beaebffe96f891dda522ca9d162fcad94eb188d9febb97d2e98b67f392
Red Hat Enterprise Linux Workstation 7
SRPM
nss-3.79.0-5.el7_9.src.rpm
SHA-256: 79cd0f072996d0fca1af29557448dc868fd3567bac5ae012950401920c1397f3
x86_64
nss-3.79.0-5.el7_9.i686.rpm
SHA-256: 63994738b9073902dd60b6f0bf013b4d112c6b7f77011a1fec4bab2fc1dd2227
nss-3.79.0-5.el7_9.x86_64.rpm
SHA-256: beb397d137fb28a4f9909bd0f611c3580dc254c7771c564426bbcd4b17502895
nss-debuginfo-3.79.0-5.el7_9.i686.rpm
SHA-256: 7dcf8abe5d240aef23ca2eae83502f3470aaf6969eca185eb6d5bd240668c38f
nss-debuginfo-3.79.0-5.el7_9.i686.rpm
SHA-256: 7dcf8abe5d240aef23ca2eae83502f3470aaf6969eca185eb6d5bd240668c38f
nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm
SHA-256: f8a1f34e397fcaee37500977c61196360b7c0252f95645974d254eb61f87d7f2
nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm
SHA-256: f8a1f34e397fcaee37500977c61196360b7c0252f95645974d254eb61f87d7f2
nss-devel-3.79.0-5.el7_9.i686.rpm
SHA-256: ec4e5e246f1d68c7e5e44a295b05022daaee42ae3b80612d04b1515c03d98f8c
nss-devel-3.79.0-5.el7_9.x86_64.rpm
SHA-256: fe14c2f2b3610a5f269619a98936420c0d94b1220f5a9db177ce47b0f0d58975
nss-pkcs11-devel-3.79.0-5.el7_9.i686.rpm
SHA-256: 8fb841c3bea6a141f21004f286b195cf1d87a85401da06a91f25595f7a2aee06
nss-pkcs11-devel-3.79.0-5.el7_9.x86_64.rpm
SHA-256: d2f5d447782cf7bb45e12f5af7d0087845e6b189c70f59d631cf31038e13189b
nss-sysinit-3.79.0-5.el7_9.x86_64.rpm
SHA-256: cb2ba4b8e0b63de69bc7ebccd1ed1e8bc58d3cfc678a11acec33770674eb0ad3
nss-tools-3.79.0-5.el7_9.x86_64.rpm
SHA-256: 7871d6beaebffe96f891dda522ca9d162fcad94eb188d9febb97d2e98b67f392
Red Hat Enterprise Linux Desktop 7
SRPM
nss-3.79.0-5.el7_9.src.rpm
SHA-256: 79cd0f072996d0fca1af29557448dc868fd3567bac5ae012950401920c1397f3
x86_64
nss-3.79.0-5.el7_9.i686.rpm
SHA-256: 63994738b9073902dd60b6f0bf013b4d112c6b7f77011a1fec4bab2fc1dd2227
nss-3.79.0-5.el7_9.x86_64.rpm
SHA-256: beb397d137fb28a4f9909bd0f611c3580dc254c7771c564426bbcd4b17502895
nss-debuginfo-3.79.0-5.el7_9.i686.rpm
SHA-256: 7dcf8abe5d240aef23ca2eae83502f3470aaf6969eca185eb6d5bd240668c38f
nss-debuginfo-3.79.0-5.el7_9.i686.rpm
SHA-256: 7dcf8abe5d240aef23ca2eae83502f3470aaf6969eca185eb6d5bd240668c38f
nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm
SHA-256: f8a1f34e397fcaee37500977c61196360b7c0252f95645974d254eb61f87d7f2
nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm
SHA-256: f8a1f34e397fcaee37500977c61196360b7c0252f95645974d254eb61f87d7f2
nss-devel-3.79.0-5.el7_9.i686.rpm
SHA-256: ec4e5e246f1d68c7e5e44a295b05022daaee42ae3b80612d04b1515c03d98f8c
nss-devel-3.79.0-5.el7_9.x86_64.rpm
SHA-256: fe14c2f2b3610a5f269619a98936420c0d94b1220f5a9db177ce47b0f0d58975
nss-pkcs11-devel-3.79.0-5.el7_9.i686.rpm
SHA-256: 8fb841c3bea6a141f21004f286b195cf1d87a85401da06a91f25595f7a2aee06
nss-pkcs11-devel-3.79.0-5.el7_9.x86_64.rpm
SHA-256: d2f5d447782cf7bb45e12f5af7d0087845e6b189c70f59d631cf31038e13189b
nss-sysinit-3.79.0-5.el7_9.x86_64.rpm
SHA-256: cb2ba4b8e0b63de69bc7ebccd1ed1e8bc58d3cfc678a11acec33770674eb0ad3
nss-tools-3.79.0-5.el7_9.x86_64.rpm
SHA-256: 7871d6beaebffe96f891dda522ca9d162fcad94eb188d9febb97d2e98b67f392
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
nss-3.79.0-5.el7_9.src.rpm
SHA-256: 79cd0f072996d0fca1af29557448dc868fd3567bac5ae012950401920c1397f3
s390x
nss-3.79.0-5.el7_9.s390.rpm
SHA-256: ab61d594fe0cfa74faa2c3e1618580044b50430909d3fef4b1e546ee115c51f8
nss-3.79.0-5.el7_9.s390x.rpm
SHA-256: d933be43bf16ae1396cec385bcb9853ed176017eda72b2a6c2cd8e35682ad727
nss-debuginfo-3.79.0-5.el7_9.s390.rpm
SHA-256: f9348ebc093eea2d0f6dd94654de874a1308cd42c4ae26a53693d55f728fe1aa
nss-debuginfo-3.79.0-5.el7_9.s390.rpm
SHA-256: f9348ebc093eea2d0f6dd94654de874a1308cd42c4ae26a53693d55f728fe1aa
nss-debuginfo-3.79.0-5.el7_9.s390x.rpm
SHA-256: 87a52efba2f17953986f642aa7aa30dac7741391a8f03fbaf29543a00974d53d
nss-debuginfo-3.79.0-5.el7_9.s390x.rpm
SHA-256: 87a52efba2f17953986f642aa7aa30dac7741391a8f03fbaf29543a00974d53d
nss-devel-3.79.0-5.el7_9.s390.rpm
SHA-256: b725171e6c8c3092a659541dfb4597081be8e1e040d9e2b8b64975aac25cea48
nss-devel-3.79.0-5.el7_9.s390x.rpm
SHA-256: 93d94facbbe4c8e18039f5fb9fa49224df6e2041e845ec55e9d0a74c7d439ded
nss-pkcs11-devel-3.79.0-5.el7_9.s390.rpm
SHA-256: fb4f3bb000a3e44227efa43bb29653e2a5b29a072e77d77e7963dcf6929ffefc
nss-pkcs11-devel-3.79.0-5.el7_9.s390x.rpm
SHA-256: 7f6e0b2e75d796fde9a6206584e0ea784e417a1c43e545e46ec1605d8b573f89
nss-sysinit-3.79.0-5.el7_9.s390x.rpm
SHA-256: 6649afa83a7c00173869e82abd235dcc1f30ae545d018aaf8a069071bb8edfe2
nss-tools-3.79.0-5.el7_9.s390x.rpm
SHA-256: e7b9f80aa04fc59f94b9794cb3090b27e5f05f9425dc6cfebbb54e2a663df52f
Red Hat Enterprise Linux for Power, big endian 7
SRPM
nss-3.79.0-5.el7_9.src.rpm
SHA-256: 79cd0f072996d0fca1af29557448dc868fd3567bac5ae012950401920c1397f3
ppc64
nss-3.79.0-5.el7_9.ppc.rpm
SHA-256: 437aa8e0bcd61da3e227f834afd15df0da40672a48a6515550c618ab43ce3fef
nss-3.79.0-5.el7_9.ppc64.rpm
SHA-256: 04db82a3faf1b33c64d86e311ccde5fbdbffca9496f88b648a9a19133b1a370d
nss-debuginfo-3.79.0-5.el7_9.ppc.rpm
SHA-256: 66b3190de7f273d6bcaf6e7e5a04051c5961712db44401a5ab153b6944c4cf5c
nss-debuginfo-3.79.0-5.el7_9.ppc.rpm
SHA-256: 66b3190de7f273d6bcaf6e7e5a04051c5961712db44401a5ab153b6944c4cf5c
nss-debuginfo-3.79.0-5.el7_9.ppc64.rpm
SHA-256: 596ec514c64636b82d08944573b241c84e84b3f6c8d5f785e49a013887772bbb
nss-debuginfo-3.79.0-5.el7_9.ppc64.rpm
SHA-256: 596ec514c64636b82d08944573b241c84e84b3f6c8d5f785e49a013887772bbb
nss-devel-3.79.0-5.el7_9.ppc.rpm
SHA-256: b8577dd17138086ccc983d991b793762bca0a25e55aba4588e21f7d274fa2f38
nss-devel-3.79.0-5.el7_9.ppc64.rpm
SHA-256: b9feafe11372f4f2158e42fea961760477568599409f47dbd14661c82b6765ad
nss-pkcs11-devel-3.79.0-5.el7_9.ppc.rpm
SHA-256: 933863e0a47244f53461c2363895e6073c65b2891b860a67db2ade3943834b3f
nss-pkcs11-devel-3.79.0-5.el7_9.ppc64.rpm
SHA-256: 2982d8b2ea0b0b61c4da85897adaa86499840537e810bbcbbd2295d5a769f765
nss-sysinit-3.79.0-5.el7_9.ppc64.rpm
SHA-256: 8998695333f0380cd88234d1a46683d228289ddc290ce932d5251d7ad1ec131c
nss-tools-3.79.0-5.el7_9.ppc64.rpm
SHA-256: e6bb9b9d04008cde984fd89f884b55eb19e62ac5c4c4529806508ce9aec532f3
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
nss-3.79.0-5.el7_9.src.rpm
SHA-256: 79cd0f072996d0fca1af29557448dc868fd3567bac5ae012950401920c1397f3
x86_64
nss-3.79.0-5.el7_9.i686.rpm
SHA-256: 63994738b9073902dd60b6f0bf013b4d112c6b7f77011a1fec4bab2fc1dd2227
nss-3.79.0-5.el7_9.x86_64.rpm
SHA-256: beb397d137fb28a4f9909bd0f611c3580dc254c7771c564426bbcd4b17502895
nss-debuginfo-3.79.0-5.el7_9.i686.rpm
SHA-256: 7dcf8abe5d240aef23ca2eae83502f3470aaf6969eca185eb6d5bd240668c38f
nss-debuginfo-3.79.0-5.el7_9.i686.rpm
SHA-256: 7dcf8abe5d240aef23ca2eae83502f3470aaf6969eca185eb6d5bd240668c38f
nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm
SHA-256: f8a1f34e397fcaee37500977c61196360b7c0252f95645974d254eb61f87d7f2
nss-debuginfo-3.79.0-5.el7_9.x86_64.rpm
SHA-256: f8a1f34e397fcaee37500977c61196360b7c0252f95645974d254eb61f87d7f2
nss-devel-3.79.0-5.el7_9.i686.rpm
SHA-256: ec4e5e246f1d68c7e5e44a295b05022daaee42ae3b80612d04b1515c03d98f8c
nss-devel-3.79.0-5.el7_9.x86_64.rpm
SHA-256: fe14c2f2b3610a5f269619a98936420c0d94b1220f5a9db177ce47b0f0d58975
nss-pkcs11-devel-3.79.0-5.el7_9.i686.rpm
SHA-256: 8fb841c3bea6a141f21004f286b195cf1d87a85401da06a91f25595f7a2aee06
nss-pkcs11-devel-3.79.0-5.el7_9.x86_64.rpm
SHA-256: d2f5d447782cf7bb45e12f5af7d0087845e6b189c70f59d631cf31038e13189b
nss-sysinit-3.79.0-5.el7_9.x86_64.rpm
SHA-256: cb2ba4b8e0b63de69bc7ebccd1ed1e8bc58d3cfc678a11acec33770674eb0ad3
nss-tools-3.79.0-5.el7_9.x86_64.rpm
SHA-256: 7871d6beaebffe96f891dda522ca9d162fcad94eb188d9febb97d2e98b67f392
Red Hat Enterprise Linux for Power, little endian 7
SRPM
nss-3.79.0-5.el7_9.src.rpm
SHA-256: 79cd0f072996d0fca1af29557448dc868fd3567bac5ae012950401920c1397f3
ppc64le
nss-3.79.0-5.el7_9.ppc64le.rpm
SHA-256: e86ac9b419809e0c6768df3d08b357245eb684934c12557c8e9a5578476c6ba9
nss-debuginfo-3.79.0-5.el7_9.ppc64le.rpm
SHA-256: acbae2a29038a9f59681968189f3186d3df6bf4cddd21a070d86096371cffb72
nss-debuginfo-3.79.0-5.el7_9.ppc64le.rpm
SHA-256: acbae2a29038a9f59681968189f3186d3df6bf4cddd21a070d86096371cffb72
nss-devel-3.79.0-5.el7_9.ppc64le.rpm
SHA-256: a7ddeab17afbfefb9dec920599eadf83c932cba15442106a21e855fe6f697b00
nss-pkcs11-devel-3.79.0-5.el7_9.ppc64le.rpm
SHA-256: ac4a7a5dba0a719e85786d4f8f3ef2141cb8244205443b537fecd3a28a3e4673
nss-sysinit-3.79.0-5.el7_9.ppc64le.rpm
SHA-256: d09575124274f897a8e33ed5ef5efb5fb7f72e542af2ff18e5209bc4fa86ca70
nss-tools-3.79.0-5.el7_9.ppc64le.rpm
SHA-256: fb1689b8ce64dc6f9f41e2077b51340119c78063eac876a0a82827fc3fe36dcc
Related news
OpenShift Serverless version 1.29.0 contains a moderate security impact. The References section contains CVE links providing detailed severity ratings for each vulnerability. Ratings are based on a Common Vulnerability Scoring System (CVSS) base score.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker ...
Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Red Hat Security Advisory 2023-1887-01 - Multicluster Engine for Kubernetes 2.2.3 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.
Multicluster Engine for Kubernetes 2.2.3 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server. * CVE-2023-29017: A flaw was found in vm2 where the component...
An update is now available for Logging Subsystem for Red Hat OpenShift - 5.5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large...
Red Hat Security Advisory 2023-1406-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Red Hat Security Advisory 2023-1332-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Red Hat Security Advisory 2023-0817-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0824-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0823-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.
Debian Linux Security Advisory 5355-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5353-1 - Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag attributes in nss, the Mozilla Network Security Service library, may result in execution of arbitrary code if a specially crafted PKCS 12 certificate bundle is processed.
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted mes...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacke...
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacke...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0616: The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and di...
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0767: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. * CVE-2023-25728: The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only`...