GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Aug 19, 2020 11:26 am Post subject: [ GLSA 202008-08 ] Mozilla Network Security Service (NSS) |
 |
|
Gentoo Linux Security Advisory
Title: Mozilla Network Security Service (NSS): Multiple vulnerabilities (GLSA 202008-08)
Severity: normal
Exploitable: local, remote
Date: 2020-08-19
Bug(s): #734986
ID: 202008-08
Synopsis
NSS has multiple information disclosure vulnerabilities when
handling secret key material.
Background
The Mozilla Network Security Service (NSS) is a library implementing
security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS
#12, S/MIME and X.509 certificates.
Affected Packages
Package: dev-libs/nss
Vulnerable: < 3.55
Unaffected: >= 3.55
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in NSS. Please review the
CVE identifiers referenced below for details.
Impact
An attacker may be able to obtain information about secret key material.
Workaround
There is no known workaround at this time.
Resolution
All NSS users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.55"
|
References
CVE-2020-12400
CVE-2020-12401
CVE-2020-12403 |
|
News & Announcements
