ID

VAR-202001-1433


CVE

CVE-2019-11745


TITLE

Ubuntu Security Notice USN-4203-2

Trust: 0.1

sources: PACKETSTORM: 155487

DESCRIPTION

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

=========================================================================
Ubuntu Security Notice USN-4203-2
November 27, 2019

nss vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

NSS could be made to crash or run programs if it received specially crafted input.

This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that NSS incorrectly handled certain memory operations.

Background
==========

The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.

====================================================================
Red Hat Security Advisory

Synopsis:     Important: nss-softokn security update
Advisory ID:  RHSA-2019:4152-01
Product:      Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4152
Issue date:   2019-12-10
CVE Names:    CVE-2019-11745
====================================================================

1. Summary:

An update for nss-softokn is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.

Security Fix(es):

* nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
nss-softokn-3.44.0-6.el6_10.src.rpm

i386:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm

x86_64:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386:
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm

x86_64:
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
nss-softokn-3.44.0-6.el6_10.src.rpm

x86_64:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64:
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
nss-softokn-3.44.0-6.el6_10.src.rpm

i386:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm

ppc64:
nss-softokn-3.44.0-6.el6_10.ppc.rpm
nss-softokn-3.44.0-6.el6_10.ppc64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm
nss-softokn-devel-3.44.0-6.el6_10.ppc.rpm
nss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm
nss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm

s390x:
nss-softokn-3.44.0-6.el6_10.s390.rpm
nss-softokn-3.44.0-6.el6_10.s390x.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm
nss-softokn-devel-3.44.0-6.el6_10.s390.rpm
nss-softokn-devel-3.44.0-6.el6_10.s390x.rpm
nss-softokn-freebl-3.44.0-6.el6_10.s390.rpm
nss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm

x86_64:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
nss-softokn-3.44.0-6.el6_10.src.rpm

i386:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm

x86_64:
nss-softokn-3.44.0-6.el6_10.i686.rpm
nss-softokn-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm
nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm
nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

. 7.4) - x86_64 3. 8) - aarch64, ppc64le, s390x, x86_64 3. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Gentoo Linux Security Advisory GLSA 202003-02
https://security.gentoo.org/

Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: March 12, 2020
Bugs: #702638, #705000, #709346, #712182
ID: 202003-02

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla Project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox          < 68.6.0       >= 68.6.0
  2  www-client/firefox-bin      < 68.6.0       >= 68.6.0
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0"

References
==========

[ 1 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745
[ 2 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005
[ 3 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008
[ 4 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010
[ 5 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011
[ 6 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012
[ 7 ] CVE-2019-17016 https://nvd.nist.gov/vuln/detail/CVE-2019-17016
[ 8 ] CVE-2019-17017 https://nvd.nist.gov/vuln/detail/CVE-2019-17017
[ 9 ] CVE-2019-17022 https://nvd.nist.gov/vuln/detail/CVE-2019-17022
[ 10 ] CVE-2019-17024 https://nvd.nist.gov/vuln/detail/CVE-2019-17024
[ 11 ] CVE-2019-17026 https://nvd.nist.gov/vuln/detail/CVE-2019-17026
[ 12 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503
[ 13 ] CVE-2020-6796 https://nvd.nist.gov/vuln/detail/CVE-2020-6796
[ 14 ] CVE-2020-6797 https://nvd.nist.gov/vuln/detail/CVE-2020-6797
[ 15 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798
[ 16 ] CVE-2020-6799 https://nvd.nist.gov/vuln/detail/CVE-2020-6799
[ 17 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800
[ 18 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805
[ 19 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806
[ 20 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807
[ 21 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811
[ 22 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812
[ 23 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814
[ 24 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
[ 25 ] MFSA-2020-03 https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
[ 26 ] MFSA-2020-06 https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
[ 27 ] MFSA-2020-09 https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

. 8.0) - ppc64le, x86_64 3.

For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Trust: 1.89

sources: NVD: CVE-2019-11745 // VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 156770 // PACKETSTORM: 155486 // PACKETSTORM: 155609 // PACKETSTORM: 157142 // PACKETSTORM: 155589 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 156093 // PACKETSTORM: 155601

AFFECTED PRODUCTS

vendor: opensuse, model: leap, scope: eq, version: 15.1

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.04

Trust: 1.0

vendor: mozilla, model: firefox esr, scope: lt, version: 68.3

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 19.10

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1400, scope: lt, version: 2.14.0

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1512, scope: lt, version: 2.14.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 16.04

Trust: 1.0

vendor: mozilla, model: thunderbird, scope: lt, version: 68.3.0

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1510, scope: lt, version: 2.14.0

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx5000, scope: lt, version: 2.14.0

Trust: 1.0

vendor: mozilla, model: firefox, scope: lt, version: 71.0

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1500, scope: lt, version: 2.14.0

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1501, scope: lt, version: 2.14.0

Trust: 1.0

vendor: siemens, model: ruggedcom rox rx1511, scope: lt, version: 2.14.0

Trust: 1.0

vendor: siemens, model: ruggedcom rox mx5000, scope: lt, version: 2.14.0

Trust: 1.0

vendor: redhat, model: enterprise linux server aus, scope: eq, version: 6.6

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

sources: NVD: CVE-2019-11745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11745
value: HIGH

Trust: 1.0

VULMON: CVE-2019-11745
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11745
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2019-11745
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2019-11745 // NVD: CVE-2019-11745

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2019-11745

THREAT TYPE

remote

Trust: 0.3

sources: PACKETSTORM: 155487 // PACKETSTORM: 155486 // PACKETSTORM: 155989

TYPE

arbitrary

Trust: 0.4

sources: PACKETSTORM: 155487 // PACKETSTORM: 155486 // PACKETSTORM: 156704 // PACKETSTORM: 155601

PATCH

title: Red Hat: Important: nss security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200243 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201461 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194114 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200466 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194152 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss, nss-softokn, nss-util security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194190 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201345 - Security Advisory

Trust: 0.1

title: Red Hat: Important: nss-softokn security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201267 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: nss vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-2

Trust: 0.1

title: Ubuntu Security Notice: nss vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-1

Trust: 0.1

title: Debian Security Advisories: DSA-4579-1 nss -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0af759a984821af0886871e7a26a298e

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-11745 log

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1379
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1379

Trust: 0.1

title: IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=74fd642ff4a4659039a762a5a0a24106

Trust: 0.1

title: Amazon Linux 2: ALAS2-2023-1942
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1942

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1384
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1384

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1355
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1355

Trust: 0.1

title: Ubuntu Security Notice: firefox vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-1

Trust: 0.1

title: Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-2

Trust: 0.1

title: Ubuntu Security Notice: firefox vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-2

Trust: 0.1

title: Ubuntu Security Notice: thunderbird vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4241-1

Trust: 0.1

title: Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=940e53f5eecee1395e2713b0ed07506b

Trust: 0.1

title: Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=dffa374fab03b4f5b5596346629ccc8c

Trust: 0.1

title: Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-1

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000

Trust: 0.1

title: Mozilla: Security Vulnerabilities fixed in - Firefox 71
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=a8e439d387c58595bbdb24cc3bdadd40

Trust: 0.1

title: Ubuntu Security Notice: thunderbird vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4335-1

Trust: 0.1

title: -
url: https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2019-11745

EXTERNAL IDS

db: NVD, id: CVE-2019-11745

Trust: 2.1

db: ICS CERT, id: ICSA-21-040-04

Trust: 1.1

db: SIEMENS, id: SSA-379803

Trust: 1.1

db: VULMON, id: CVE-2019-11745

Trust: 0.1

db: PACKETSTORM, id: 155487

Trust: 0.1

db: PACKETSTORM, id: 156770

Trust: 0.1

db: PACKETSTORM, id: 155486

Trust: 0.1

db: PACKETSTORM, id: 155609

Trust: 0.1

db: PACKETSTORM, id: 157142

Trust: 0.1

db: PACKETSTORM, id: 155589

Trust: 0.1

db: PACKETSTORM, id: 156704

Trust: 0.1

db: PACKETSTORM, id: 155989

Trust: 0.1

db: PACKETSTORM, id: 156093

Trust: 0.1

db: PACKETSTORM, id: 155601

Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 156770 // PACKETSTORM: 155486 // PACKETSTORM: 155609 // PACKETSTORM: 157142 // PACKETSTORM: 155589 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 156093 // PACKETSTORM: 155601 // NVD: CVE-2019-11745

REFERENCES

url:https://access.redhat.com/errata/rhsa-2020:0243

Trust: 1.3

url:https://security.gentoo.org/glsa/202003-02

Trust: 1.2

url:https://security.gentoo.org/glsa/202003-37

Trust: 1.2

url:https://www.mozilla.org/security/advisories/mfsa2019-38/

Trust: 1.1

url:https://www.mozilla.org/security/advisories/mfsa2019-37/

Trust: 1.1

url:https://www.mozilla.org/security/advisories/mfsa2019-36/

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=1586176

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html

Trust: 1.1

url:https://usn.ubuntu.com/4241-1/

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2020:0466

Trust: 1.1

url:https://security.gentoo.org/glsa/202003-10

Trust: 1.1

url:https://usn.ubuntu.com/4335-1/

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf

Trust: 1.1

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11745

Trust: 1.0

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11745

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://usn.ubuntu.com/4203-1

Trust: 0.2

url:https://bugs.gentoo.org

Trust: 0.2

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:https://security.gentoo.org/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17026

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17022

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17016

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17024

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17011

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17012

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/4203-2/

Trust: 0.1

url:https://usn.ubuntu.com/4203-1/

Trust: 0.1

url:https://usn.ubuntu.com/4203-2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11696

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11698

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.8

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2019:4152

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1345

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0495

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-0495

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2019:4114

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17008

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6814

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6798

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6799

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-09/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-03/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6805

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6800

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-06/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6807

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6812

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17005

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.18.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4241-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.19.10.1

Trust: 0.1

url:https://security-tracker.debian.org/tracker/nss

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17007

Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 156770 // PACKETSTORM: 155486 // PACKETSTORM: 155609 // PACKETSTORM: 157142 // PACKETSTORM: 155589 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 156093 // PACKETSTORM: 155601 // NVD: CVE-2019-11745

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 155609 // PACKETSTORM: 157142 // PACKETSTORM: 155589 // PACKETSTORM: 156093

SOURCES

db: VULMON, id: CVE-2019-11745
db: PACKETSTORM, id: 155487
db: PACKETSTORM, id: 156770
db: PACKETSTORM, id: 155486
db: PACKETSTORM, id: 155609
db: PACKETSTORM, id: 157142
db: PACKETSTORM, id: 155589
db: PACKETSTORM, id: 156704
db: PACKETSTORM, id: 155989
db: PACKETSTORM, id: 156093
db: PACKETSTORM, id: 155601
db: NVD, id: CVE-2019-11745

LAST UPDATE DATE

2024-11-07T20:22:40.439000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2019-11745, date: 2021-02-19T00:00:00
db: NVD, id: CVE-2019-11745, date: 2021-02-19T17:22:17.650

SOURCES RELEASE DATE

db: VULMON, id: CVE-2019-11745, date: 2020-01-08T00:00:00
db: PACKETSTORM, id: 155487, date: 2019-11-28T01:22:40
db: PACKETSTORM, id: 156770, date: 2020-03-16T22:35:27
db: PACKETSTORM, id: 155486, date: 2019-11-28T01:22:35
db: PACKETSTORM, id: 155609, date: 2019-12-10T15:49:04
db: PACKETSTORM, id: 157142, date: 2020-04-07T16:41:47
db: PACKETSTORM, id: 155589, date: 2019-12-09T15:52:48
db: PACKETSTORM, id: 156704, date: 2020-03-12T20:16:23
db: PACKETSTORM, id: 155989, date: 2020-01-17T16:38:14
db: PACKETSTORM, id: 156093, date: 2020-01-27T22:53:39
db: PACKETSTORM, id: 155601, date: 2019-12-09T22:22:22
db: NVD, id: CVE-2019-11745, date: 2020-01-08T20:15:12.313