Mageia 8 MGASA-2021-0534 Critical: NSS Heap Overflow Threat

Mageia, December 2, 2021
Mageia 2021-0535 tackles vulnerabilities in OpenSSL concerning certificate validation, affecting numerous software systems.

Summary

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS (CVE-2021-43527).
Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.

References

- https://bugs.mageia.org/show_bug.cgi?id=29714

- https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/

- https://www.cve.org/CVERecord?id=CVE-2021-43527

Resolution

SRPMS

- 8/core/nss-3.73.0-1.mga8
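
As an added example (not part of the Mageia advisory), the shell function below classifies an NSS version string against the fixed releases named in the Summary: 3.73, or 3.68.1 on the 3.68 ESR branch. It assumes that later 3.68.x point releases keep the fix and that versions above 3.73 are fixed; the function name `nss_status` is hypothetical.

```shell
#!/bin/sh
# Added example: decide whether an NSS version predates the fix for
# CVE-2021-43527 (fixed in 3.73, and in 3.68.1 on the ESR branch).
# On an RPM-based system the installed version can be read with
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' PACKAGE
# where PACKAGE is the local NSS package name (system-specific assumption).

# nss_status VERSION -> prints "fixed", "vulnerable" or "unknown"
nss_status() {
    ver=$1
    # Drop a packaging suffix such as "-1.mga8".
    ver=${ver%%-*}
    # Accept only dotted numeric versions (MAJOR.MINOR[.PATCH]).
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    case $ver in
        *.*) ;;
        *) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    major=$1
    minor=${2:-0}
    patch=${3:-0}
    if [ "$major" -gt 3 ]; then
        echo fixed            # assumption: anything past the 3.x line is fixed
    elif [ "$major" -lt 3 ]; then
        echo vulnerable
    elif [ "$minor" -ge 73 ]; then
        echo fixed            # 3.73 and later
    elif [ "$minor" -eq 68 ] && [ "$patch" -ge 1 ]; then
        echo fixed            # ESR branch: 3.68.1 and later point releases
    else
        # Includes 3.69 to 3.72: newer than the ESR fix but still unpatched.
        echo vulnerable
    fi
    return 0
}

# Stand-alone use: ./nss_status.sh 3.73.0-1.mga8
if [ "$#" -gt 0 ]; then
    nss_status "$1"
fi
```

The releases 3.69 through 3.72 are the case a plain "is it at least 3.68.1" comparison gets wrong, since they sort above the ESR fix but predate 3.73.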

Severity
critical

Publication date: 02 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0534.html
Type: security
CVE: CVE-2021-43527
