Synopsis:          Important: nss, nss-softokn, nss-util security update
Advisory ID:       SLSA-2019:4190-1
Issue Date:        2019-12-10
CVE Numbers:       None
--

Security Fix(es):

* nss: Out-of-bounds write when passing an output buffer smaller than the
block size to NSC_EncryptUpdate (CVE-2019-11745)

* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation
fault (CVE-2019-11729)
--

SL7
  x86_64
    nss-3.44.0-7.el7_7.i686.rpm
    nss-3.44.0-7.el7_7.x86_64.rpm
    nss-debuginfo-3.44.0-7.el7_7.i686.rpm
    nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
    nss-softokn-3.44.0-8.el7_7.i686.rpm
    nss-softokn-3.44.0-8.el7_7.x86_64.rpm
    nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
    nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
    nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
    nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
    nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
    nss-tools-3.44.0-7.el7_7.x86_64.rpm
    nss-util-3.44.0-4.el7_7.i686.rpm
    nss-util-3.44.0-4.el7_7.x86_64.rpm
    nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
    nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
    nss-devel-3.44.0-7.el7_7.i686.rpm
    nss-devel-3.44.0-7.el7_7.x86_64.rpm
    nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
    nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
    nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
    nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
    nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
    nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
    nss-util-devel-3.44.0-4.el7_7.i686.rpm
    nss-util-devel-3.44.0-4.el7_7.x86_64.rpm

- Scientific Linux Development Team