Release Info

Advisory: CLSA-2021:1640002354

OS: CentOS 6 ELS

Public date: 2021-12-06 00:00:00

Project: nss

Version: 3.44.0-12.el6.tuxcare.els1

Errata link: https://errata.cloudlinux.com/els6/CLSA-2021-1638804230.html

Changelog

- CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) - Update to CKBI 2.50 from NSS 3.67 - Removing: - # Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - # Certificate "AddTrust Low-Value Services Root" - # Certificate "AddTrust External Root" - # Certificate "GeoTrust Global CA" - # Certificate "GeoTrust Universal CA" - # Certificate "GeoTrust Universal CA 2" - # Certificate "QuoVadis Root CA" - # Certificate "Sonera Class 2 Root CA" - # Certificate "UTN USERFirst Email Root CA" - # Certificate "Taiwan GRCA" - # Certificate "Certplus Class 2 Primary CA" - # Certificate "GeoTrust Primary Certification Authority" - # Certificate "thawte Primary Root CA" - # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" - # Certificate "Deutsche Telekom Root CA 2" - # Certificate "GeoTrust Primary Certification Authority - G3" - # Certificate "thawte Primary Root CA - G2" - # Certificate "thawte Primary Root CA - G3" - # Certificate "GeoTrust Primary Certification Authority - G2" - # Certificate "VeriSign Universal Root Certification Authority" - # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" - # Certificate "Staat der Nederlanden Root CA - G2" - # Certificate "Trustis FPS Root CA" - # Certificate "EE Certification Centre Root CA" - # Certificate "Swisscom Root CA 2" - # Certificate "Certinomis - Root CA" - # Certificate "LuxTrust Global Root 2" - # Certificate "Symantec Class 1 Public Primary Certification Authority - G4" - # Certificate "Symantec Class 2 Public Primary Certification Authority - G4" - Adding: - # Certificate "Entrust Root Certification Authority - G4" - # Certificate "Microsoft ECC Root Certificate Authority 2017" - # Certificate "Microsoft RSA Root Certificate Authority 2017" - # Certificate "e-Szigno Root CA 2017" - # Certificate "certSIGN Root CA G2" - # Certificate "Trustwave Global Certification Authority" - # Certificate "Trustwave Global ECC P256 Certification Authority" - # Certificate "Trustwave Global ECC P384 Certification Authority" - # Certificate "NAVER Global Root Certification Authority" - # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" - # Certificate "GlobalSign Secure Mail Root R45" - # Certificate "GlobalSign Secure Mail Root E45" - # Certificate "GlobalSign Root R46" - # Certificate "GlobalSign Root E46" - # Certificate "GLOBALTRUST 2020" - # Certificate "ANF Secure Server Root CA" - # Certificate "Certum EC-384 CA" - # Certificate "Certum Trusted Root CA" - revert last change. Patch was for nss-softokn - Fix out-of-bounds write in NSC_EncryptUpdate (#1775909)

Update

Update command: yum update nss*

Packages list

nss-tools-3.44.0-12.el6.tuxcare.els1.x86_64.rpm nss-devel-3.44.0-12.el6.tuxcare.els1.i686.rpm nss-pkcs11-devel-3.44.0-12.el6.tuxcare.els1.x86_64.rpm nss-sysinit-3.44.0-12.el6.tuxcare.els1.x86_64.rpm nss-pkcs11-devel-3.44.0-12.el6.tuxcare.els1.i686.rpm nss-devel-3.44.0-12.el6.tuxcare.els1.x86_64.rpm nss-3.44.0-12.el6.tuxcare.els1.i686.rpm nss-3.44.0-12.el6.tuxcare.els1.x86_64.rpm

CVEs

CVE-2021-43527