
Red Hat Enterprise Linux 8 RHSA-2021-3572-01 Moderate: NSS DoS Attack Fix

September 21, 2021
Minor revision for CentOS Stream 9 focusing on nss and nspr addressing potential remote DoS vulnerabilities, along with several improvements.
An update for nss and nspr is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS or NSPR (for example, Firefox) must be restarted for this update to take effect.
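A post-update check for the two requirements above (an added example, not code from the advisory): it confirms the installed nss and nspr builds are at or above the versions in this advisory's Package List and lists running processes that still map a replaced libnss3/libnspr4, which is exactly what the restart requirement is about. The fixed build strings are taken from the Package List; the use of `sort -V` (GNU coreutils) for version comparison and the `/proc/PID/maps` "(deleted)" heuristic are assumptions, and seeing every process's map needs root.

```shell
#!/bin/sh
# Added post-update check (not the advisory's own code). The fixed build
# strings are the ones in this advisory's package list; sort -V (GNU coreutils)
# as the version comparison is an assumption, as is the /proc maps heuristic.
FIXED_NSS="3.67.0-6.el8_4"
FIXED_NSPR="4.32.0-1.el8_4"

# installed_vr PKG -> prints VERSION-RELEASE of the installed package (empty if absent)
installed_vr() {
  rpm -q "$1" >/dev/null 2>&1 || return 0
  rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1" | head -n 1
}

# vr_ge HAVE WANT -> succeeds when HAVE sorts at or above WANT
vr_ge() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | tail -n 1)" = "$1" ]
}

# maps_is_stale MAPSFILE -> succeeds when the map still references a replaced
# (deleted) libnss3 or libnspr4, i.e. the process still runs pre-update code
maps_is_stale() {
  grep -Eq 'lib(nss3|nspr4)\.so[^ ]* \(deleted\)' "$1" 2>/dev/null
}

# stale_lib_pids -> PIDs of running processes that need a restart (root sees all)
stale_lib_pids() {
  for maps in /proc/[0-9]*/maps; do
    pid=${maps#/proc/}; pid=${pid%/maps}
    maps_is_stale "$maps" && echo "$pid"
  done
}

report() {
  for spec in "nss:$FIXED_NSS" "nspr:$FIXED_NSPR"; do
    pkg=${spec%%:*}; want=${spec#*:}
    have=$(installed_vr "$pkg")
    if [ -n "$have" ] && vr_ge "$have" "$want"; then
      echo "$pkg $have: at or above fixed build $want"
    else
      echo "$pkg ${have:-not installed}: below fixed build $want"
    fi
  done
  for pid in $(stale_lib_pids); do
    cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
    echo "PID $pid ($cmd) still maps a replaced NSS/NSPR library; restart it"
  done
}
# Run the report only where rpm exists; the functions are usable on their own.
if command -v rpm >/dev/null 2>&1; then report; fi
```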

Summary

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
The following packages have been upgraded to a later upstream version: nss (3.67.0), nspr (4.32.0). (BZ#1967980)
Security Fix(es):
* nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* 8025 error code when creating subCAs (BZ#1977412)
* NSS cannot use SQL databases created by specific versions of NSS (BZ#1978443)
* Inconsistent handling of malformed CertificateRequest messages (BZ#1980050)
Enhancement(s):
* [IBM 8.5 FEAT] [P10] POWER10 performance enhancements for cryptography: NSS FreeBL (BZ#1978257)

References

https://access.redhat.com/security/cve/CVE-2020-25648
https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source:
nspr-4.32.0-1.el8_4.src.rpm
nss-3.67.0-6.el8_4.src.rpm

aarch64:
nspr-4.32.0-1.el8_4.aarch64.rpm
nspr-debuginfo-4.32.0-1.el8_4.aarch64.rpm
nspr-debugsource-4.32.0-1.el8_4.aarch64.rpm
nspr-devel-4.32.0-1.el8_4.aarch64.rpm
nss-3.67.0-6.el8_4.aarch64.rpm
nss-debuginfo-3.67.0-6.el8_4.aarch64.rpm
nss-debugsource-3.67.0-6.el8_4.aarch64.rpm
nss-devel-3.67.0-6.el8_4.aarch64.rpm
nss-softokn-3.67.0-6.el8_4.aarch64.rpm
nss-softokn-debuginfo-3.67.0-6.el8_4.aarch64.rpm
nss-softokn-devel-3.67.0-6.el8_4.aarch64.rpm
nss-softokn-freebl-3.67.0-6.el8_4.aarch64.rpm
nss-softokn-freebl-debuginfo-3.67.0-6.el8_4.aarch64.rpm
nss-softokn-freebl-devel-3.67.0-6.el8_4.aarch64.rpm
nss-sysinit-3.67.0-6.el8_4.aarch64.rpm
nss-sysinit-debuginfo-3.67.0-6.el8_4.aarch64.rpm
nss-tools-3.67.0-6.el8_4.aarch64.rpm
nss-tools-debuginfo-3.67.0-6.el8_4.aarch64.rpm
nss-util-3.67.0-6.el8_4.aarch64.rpm
nss-util-debuginfo-3.67.0-6.el8_4.aarch64.rpm
nss-util-devel-3.67.0-6.el8_4.aarch64.rpm

ppc64le:
nspr-4.32.0-1.el8_4.ppc64le.rpm
nspr-debuginfo-4.32.0-1.el8_4.ppc64le.rpm
nspr-debugsource-4.32.0-1.el8_4.ppc64le.rpm
nspr-devel-4.32.0-1.el8_4.ppc64le.rpm
nss-3.67.0-6.el8_4.ppc64le.rpm
nss-debuginfo-3.67.0-6.el8_4.ppc64le.rpm
nss-debugsource-3.67.0-6.el8_4.ppc64le.rpm

Advisory ID: RHSA-2021:3572-01
Product: Red Hat Enterprise Linux
Issue date: 2021-09-21

Topic

An update for nss and nspr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases/Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

1887319 - CVE-2020-25648 nss: TLS 1.3 CCS flood remote DoS Attack

1967980 - Need to rebase to NSS 3.66 for Firefox 91 Release [rhel-8.4.0.z]

1976250 - pkix_Build_GatherCerts() bug causes sporadic libreswan/IKE certificate validation errors [rhel-8.4.0.z]

1976253 - time bomb in nss 3.57.1-17.el8_3, test cert expired [rhel-8.4.0.z]

1976255 - SHA-1 signatures in CertificateVerify are accepted in FIPS mode [rhel-8.4.0.z]

1976257 - Document that modutil creates "sql" database by default, even when "sql:" prefix is not specified [rhel-8.4.0.z]

1976258 - Strict prototype error when trying to compile nss code that includes blapi.h [rhel-8.4.0.z]

1977412 - 8025 error code when creating subCAs [rhel-8.4.0.z]

1978443 - NSS cannot use SQL databases created by specific versions of NSS [rhel-8.4.0.z]

1996774 - Need to rebase to NSPR 4.32 for Firefox 91 Release
