[CLSA-2021:1638804230] Fix of CVE: CVE-2021-43527
Type:
security
Severity:
moderate
Release date:
2021-12-06
Description:
- CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
- Update to CKBI 2.50 from NSS 3.67
- Removing:
  - # Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
  - # Certificate "AddTrust Low-Value Services Root"
  - # Certificate "AddTrust External Root"
  - # Certificate "GeoTrust Global CA"
  - # Certificate "GeoTrust Universal CA"
  - # Certificate "GeoTrust Universal CA 2"
  - # Certificate "QuoVadis Root CA"
  - # Certificate "Sonera Class 2 Root CA"
  - # Certificate "UTN USERFirst Email Root CA"
  - # Certificate "Taiwan GRCA"
  - # Certificate "Certplus Class 2 Primary CA"
  - # Certificate "GeoTrust Primary Certification Authority"
  - # Certificate "thawte Primary Root CA"
  - # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
  - # Certificate "Deutsche Telekom Root CA 2"
  - # Certificate "GeoTrust Primary Certification Authority - G3"
  - # Certificate "thawte Primary Root CA - G2"
  - # Certificate "thawte Primary Root CA - G3"
  - # Certificate "GeoTrust Primary Certification Authority - G2"
  - # Certificate "VeriSign Universal Root Certification Authority"
  - # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
  - # Certificate "Staat der Nederlanden Root CA - G2"
  - # Certificate "Trustis FPS Root CA"
  - # Certificate "EE Certification Centre Root CA"
  - # Certificate "Swisscom Root CA 2"
  - # Certificate "Certinomis - Root CA"
  - # Certificate "LuxTrust Global Root 2"
  - # Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
  - # Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
- Adding:
  - # Certificate "Entrust Root Certification Authority - G4"
  - # Certificate "Microsoft ECC Root Certificate Authority 2017"
  - # Certificate "Microsoft RSA Root Certificate Authority 2017"
  - # Certificate "e-Szigno Root CA 2017"
  - # Certificate "certSIGN Root CA G2"
  - # Certificate "Trustwave Global Certification Authority"
  - # Certificate "Trustwave Global ECC P256 Certification Authority"
  - # Certificate "Trustwave Global ECC P384 Certification Authority"
  - # Certificate "NAVER Global Root Certification Authority"
  - # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
  - # Certificate "GlobalSign Secure Mail Root R45"
  - # Certificate "GlobalSign Secure Mail Root E45"
  - # Certificate "GlobalSign Root R46"
  - # Certificate "GlobalSign Root E46"
  - # Certificate "GLOBALTRUST 2020"
  - # Certificate "ANF Secure Server Root CA"
  - # Certificate "Certum EC-384 CA"
  - # Certificate "Certum Trusted Root CA"
- revert last change. Patch was for nss-softokn
- Fix out-of-bounds write in NSC_EncryptUpdate (#1775909)
Updated packages:
  • nss-tools-3.44.0-12.el6.tuxcare.els1.x86_64.rpm
    sha:9e972c3f786d5f0eb40bcb9dcbec345be7e83c26
  • nss-devel-3.44.0-12.el6.tuxcare.els1.i686.rpm
    sha:4e3ce4930ecac2de5919d4d8d246fbadf87fb8ef
  • nss-pkcs11-devel-3.44.0-12.el6.tuxcare.els1.x86_64.rpm
    sha:10a31561f099b64f122787b855e2128e198a9ea9
  • nss-sysinit-3.44.0-12.el6.tuxcare.els1.x86_64.rpm
    sha:5ff56fd1482cdbc9ef3ec109882699f2eed47d26
  • nss-pkcs11-devel-3.44.0-12.el6.tuxcare.els1.i686.rpm
    sha:ba06a335f5572804d15c9a9864a791e13b5ae3b2
  • nss-devel-3.44.0-12.el6.tuxcare.els1.x86_64.rpm
    sha:fe3cf5eea99aa1cc3c52f6ecc0ba2840cc8377fd
  • nss-3.44.0-12.el6.tuxcare.els1.i686.rpm
    sha:0138186b224db1a04279225d4a3524552f37a019
  • nss-3.44.0-12.el6.tuxcare.els1.x86_64.rpm
    sha:e55e088e204aef7c6b664ff398f687be66e871e2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.