nspr-4.25.0-2.el7, nss-softokn-3.53.1-6.el7, nss-3.53.1-3.0.1.el7.AXS7, nss-util-3.53.1-1.el7

Errata ID: AXSA:2020-683:02

Release date: Friday, October 23, 2020 - 09:53
Subject: nspr-4.25.0-2.el7, nss-softokn-3.53.1-6.el7, nss-3.53.1-3.0.1.el7.AXS7, nss-util-3.53.1-1.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities.

The following packages have been upgraded to a later upstream version: nss
(3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0).

Security Fix(es):

nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)
nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)
nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400)
nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)
nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402)
nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)
nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023)

CVE-2019-11719
CVE-2019-11756
CVE-2019-17006
CVE-2020-6829
CVE-2020-12400
CVE-2020-12401
CVE-2020-12402
CVE-2020-12403
CVE-2019-11727
CVE-2019-17023

Bug Fix(es):

Memory leak: libcurl leaks 120 bytes on each connection
NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1
Make TLS 1.3 work in FIPS mode
Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name
x25519 allowed in FIPS mode
When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess
Running ipa-backup continuously causes httpd to crash and makes it irrecoverable
nss needs to comply to the new SP800-56A rev 3 requirements
KDF-self-tests-induced changes for nss

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. nspr-4.25.0-2.el7.src.rpm
    Size: 1.05 MB
  2. nss-softokn-3.53.1-6.el7.src.rpm
    Size: 67.22 MB
  3. nss-3.53.1-3.0.1.el7.AXS7.src.rpm
    Size: 77.67 MB
  4. nss-util-3.53.1-1.el7.src.rpm
    Size: 19.80 MB

Asianux Server 7 for x86_64
  1. nspr-4.25.0-2.el7.x86_64.rpm
    Size: 125.93 kB
  2. nspr-devel-4.25.0-2.el7.x86_64.rpm
    Size: 113.20 kB
  3. nss-softokn-3.53.1-6.el7.x86_64.rpm
    Size: 353.21 kB
  4. nss-softokn-devel-3.53.1-6.el7.x86_64.rpm
    Size: 29.97 kB
  5. nss-softokn-freebl-3.53.1-6.el7.x86_64.rpm
    Size: 321.10 kB
  6. nss-softokn-freebl-devel-3.53.1-6.el7.x86_64.rpm
    Size: 60.89 kB
  7. nss-3.53.1-3.0.1.el7.AXS7.x86_64.rpm
    Size: 867.94 kB
  8. nss-devel-3.53.1-3.0.1.el7.AXS7.x86_64.rpm
    Size: 239.19 kB
  9. nss-sysinit-3.53.1-3.0.1.el7.AXS7.x86_64.rpm
    Size: 64.59 kB
  10. nss-tools-3.53.1-3.0.1.el7.AXS7.x86_64.rpm
    Size: 534.09 kB
  11. nss-util-3.53.1-1.el7.x86_64.rpm
    Size: 78.14 kB
  12. nss-util-devel-3.53.1-1.el7.x86_64.rpm
    Size: 80.09 kB
  13. nspr-4.25.0-2.el7.i686.rpm
    Size: 127.61 kB
  14. nspr-devel-4.25.0-2.el7.i686.rpm
    Size: 113.25 kB
  15. nss-softokn-3.53.1-6.el7.i686.rpm
    Size: 360.54 kB
  16. nss-softokn-devel-3.53.1-6.el7.i686.rpm
    Size: 30.01 kB
  17. nss-softokn-freebl-3.53.1-6.el7.i686.rpm
    Size: 320.59 kB
  18. nss-softokn-freebl-devel-3.53.1-6.el7.i686.rpm
    Size: 59.91 kB
  19. nss-3.53.1-3.0.1.el7.AXS7.i686.rpm
    Size: 868.45 kB
  20. nss-devel-3.53.1-3.0.1.el7.AXS7.i686.rpm
    Size: 240.64 kB
  21. nss-util-3.53.1-1.el7.i686.rpm
    Size: 76.62 kB
  22. nss-util-devel-3.53.1-1.el7.i686.rpm
    Size: 80.13 kB