GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Mar 16, 2020 11:26 pm Post subject: [ GLSA 202003-37 ] Mozilla Network Security Service |
 |
|
Gentoo Linux Security Advisory
Title: Mozilla Network Security Service: Multiple vulnerabilities (GLSA 202003-37)
Severity: normal
Exploitable: local, remote
Date: 2020-03-16
Bug(s): #627534, #676868, #701840
ID: 202003-37
Synopsis
Multiple vulnerabilities have been found in Mozilla Network
Security Service (NSS), the worst of which may lead to arbitrary code
execution.
Background
The Mozilla Network Security Service (NSS) is a library implementing
security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
#12, S/MIME and X.509 certificates.
Affected Packages
Package: dev-libs/nss
Vulnerable: < 3.49
Unaffected: >= 3.49
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Mozilla Network
Security Service (NSS). Please review the CVE identifiers referenced
below for details.
Impact
An attacker could execute arbitrary code, cause a Denial of Service
condition or have other unspecified impact.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Network Security Service (NSS) users should upgrade to the
latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.49"
|
References
CVE-2017-11695
CVE-2017-11696
CVE-2017-11697
CVE-2017-11698
CVE-2018-18508
CVE-2019-11745 |
|
News & Announcements
