Details of VAR-202010-0251

ID

VAR-202010-0251

CVE

CVE-2019-17006

TITLE

Mozilla NSS Data forgery problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201912-1134

DESCRIPTION

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u3. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BYACgkQEMKTtsN8 Tjbolg/9H3VC4r4Wmc8A4OejmH67QEZqyhzCxvd4UCpvLTJuY9JOYGy3KVhClnsz XDTqyQ8k5ez7OQt5HLy3giLJpMKUSYuSDJSbK0A3DTO5bKVg17Uol5X6RA7Coz/2 yJRRWH03dTfRoqaWQ8xHigBChTxMdYhkvh6433DzLpbuj+FV77FcivjTxZB2zFrp tHuvzN9exI4+aZCFAZPyRFct0vYHpHCP8qzgD+FMflInzBAARFPjnx8+c50+Hlp2 cB/Iq3L5EiE5T1azAAD8fgKqEGnF9OHjWxBONhXqXwhvnKKqfrLIpMf+oBvr8OEZ rKZElK0wQb6z24vDiDxFR8C8EuigYpV3YDsWwu3V8M71igw8DJseHQ/UnC4dT/Y3 QTtNtcWcheM5qiOnkiHCCZsybglI6NbdxPwfnhv9ltnunipFPtE8A56QQuOXGIcc 4P/5tRlRwAVSy+JZVCbJu7jrBe/y02RYXb6Sv5hZ0iqUAZadiFlJC0WdvWAOLJsL Z/IrRkH7KMwchOAxp5NY6qHfxXHKjFvfahglFkDsaYoEwVROKjhG5idn3NVCc656 tP5rcl1dQY4LHQZEESgps86uJGy9+8NpHHU9v9fqFZNlkBfYBWTZv0otzssOwPfu QIq7f2J77JHM8ldYzmfDVQnWBnKpnjc/B8UmvaaAkEM73N3MPu0= =VQPA -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4231-1 January 08, 2020 nss vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 19.04 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: NSS could be made to execute arbitrary code if it received a specially crafted input. An attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: libnss3 2:3.45-1ubuntu2.2 Ubuntu 19.04: libnss3 2:3.42-1ubuntu2.5 Ubuntu 18.04 LTS: libnss3 2:3.35-2ubuntu2.7 Ubuntu 16.04 LTS: libnss3 2:3.28.4-0ubuntu0.16.04.10 Ubuntu 14.04 ESM: libnss3 2:3.28.4-0ubuntu0.14.04.5+esm4 Ubuntu 12.04 ESM: libnss3 2:3.28.4-0ubuntu0.12.04.7 After a standard system update you need to reboot your computer to make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 5. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. The advisory addresses the following issues: * Re-release of odo-init-image 1.1.3 for security updates 3. Solution: Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: nss and nspr security, bug fix, and enhancement update Advisory ID: RHSA-2020:4076-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4076 Issue date: 2020-09-29 CVE Names: CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-17006 CVE-2019-17023 CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 ==================================================================== 1. Summary: An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273) Security Fix(es): * nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719) * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Side channel attack on ECDSA signature generation (CVE-2020-6829) * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400) * nss: ECDSA timing attack mitigation bypass (CVE-2020-12401) * nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) * nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727) * nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924) * Make TLS 1.3 work in FIPS mode (BZ#1724251) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910) * x25519 allowed in FIPS mode (BZ#1754518) * When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325) * Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308) * KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, applications using NSS or NSPR (for example, Firefox) must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1688958 - Memory leak: libcurl leaks 120 bytes on each connection [rhel-7.9.z] 1724251 - Make TLS 1.3 work in FIPS mode [rhel-7.9.z] 1728436 - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key 1730988 - CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 1737910 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name [rhel-7.9.z] 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1779325 - when NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess 1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state 1804015 - Running ipa-backup continuously causes httpd to crash and makes it irrecoverable 1826187 - CVE-2020-6829 nss: Side channel attack on ECDSA signature generation 1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation 1851294 - CVE-2020-12401 nss: ECDSA timing attack mitigation bypass 1853983 - CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read 1870885 - KDF-self-tests-induced changes for nss in RHEL 7.9 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm ppc64: nspr-4.25.0-2.el7_9.ppc.rpm nspr-4.25.0-2.el7_9.ppc64.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc64.rpm nspr-devel-4.25.0-2.el7_9.ppc.rpm nspr-devel-4.25.0-2.el7_9.ppc64.rpm nss-3.53.1-3.el7_9.ppc.rpm nss-3.53.1-3.el7_9.ppc64.rpm nss-debuginfo-3.53.1-3.el7_9.ppc.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64.rpm nss-devel-3.53.1-3.el7_9.ppc.rpm nss-devel-3.53.1-3.el7_9.ppc64.rpm nss-softokn-3.53.1-6.el7_9.ppc.rpm nss-softokn-3.53.1-6.el7_9.ppc64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc64.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc64.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64.rpm nss-sysinit-3.53.1-3.el7_9.ppc64.rpm nss-tools-3.53.1-3.el7_9.ppc64.rpm nss-util-3.53.1-1.el7_9.ppc.rpm nss-util-3.53.1-1.el7_9.ppc64.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc64.rpm nss-util-devel-3.53.1-1.el7_9.ppc.rpm nss-util-devel-3.53.1-1.el7_9.ppc64.rpm ppc64le: nspr-4.25.0-2.el7_9.ppc64le.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc64le.rpm nspr-devel-4.25.0-2.el7_9.ppc64le.rpm nss-3.53.1-3.el7_9.ppc64le.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm nss-devel-3.53.1-3.el7_9.ppc64le.rpm nss-softokn-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64le.rpm nss-sysinit-3.53.1-3.el7_9.ppc64le.rpm nss-tools-3.53.1-3.el7_9.ppc64le.rpm nss-util-3.53.1-1.el7_9.ppc64le.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc64le.rpm nss-util-devel-3.53.1-1.el7_9.ppc64le.rpm s390x: nspr-4.25.0-2.el7_9.s390.rpm nspr-4.25.0-2.el7_9.s390x.rpm nspr-debuginfo-4.25.0-2.el7_9.s390.rpm nspr-debuginfo-4.25.0-2.el7_9.s390x.rpm nspr-devel-4.25.0-2.el7_9.s390.rpm nspr-devel-4.25.0-2.el7_9.s390x.rpm nss-3.53.1-3.el7_9.s390.rpm nss-3.53.1-3.el7_9.s390x.rpm nss-debuginfo-3.53.1-3.el7_9.s390.rpm nss-debuginfo-3.53.1-3.el7_9.s390x.rpm nss-devel-3.53.1-3.el7_9.s390.rpm nss-devel-3.53.1-3.el7_9.s390x.rpm nss-softokn-3.53.1-6.el7_9.s390.rpm nss-softokn-3.53.1-6.el7_9.s390x.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.s390.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.s390x.rpm nss-softokn-devel-3.53.1-6.el7_9.s390.rpm nss-softokn-devel-3.53.1-6.el7_9.s390x.rpm nss-softokn-freebl-3.53.1-6.el7_9.s390.rpm nss-softokn-freebl-3.53.1-6.el7_9.s390x.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.s390.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.s390x.rpm nss-sysinit-3.53.1-3.el7_9.s390x.rpm nss-tools-3.53.1-3.el7_9.s390x.rpm nss-util-3.53.1-1.el7_9.s390.rpm nss-util-3.53.1-1.el7_9.s390x.rpm nss-util-debuginfo-3.53.1-1.el7_9.s390.rpm nss-util-debuginfo-3.53.1-1.el7_9.s390x.rpm nss-util-devel-3.53.1-1.el7_9.s390.rpm nss-util-devel-3.53.1-1.el7_9.s390x.rpm x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: nss-debuginfo-3.53.1-3.el7_9.ppc.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc64.rpm ppc64le: nss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc64le.rpm s390x: nss-debuginfo-3.53.1-3.el7_9.s390.rpm nss-debuginfo-3.53.1-3.el7_9.s390x.rpm nss-pkcs11-devel-3.53.1-3.el7_9.s390.rpm nss-pkcs11-devel-3.53.1-3.el7_9.s390x.rpm x86_64: nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3Ok2NzjgjWX9erEAQidHRAAn/wr+iQpt5b54IqKwTLgtnBpRshAWWk1 9xIvejwv+oMhbvULKuTeiCKZetFXErAZcyPYwChDt2X5ZoGUxsIUAAx8pphKaScM 7dLXSGqgYNtduYmBAc2XlDIk244sYednkJ12uK6AjIgtY93wPcrk7wR9wbMF6xKL 9YjsfdKso7bN3vIx43idBVvgs2yArnFYhzCu7azIHxnuiDu9QC1KUomAhEjLlFFk vjsbxL32eb/XFQ6pizoO2Nn3ZREejnAOlTu9U0Hc/u4FxRTns+HcVx6GIA+yNNMO Hfbq1cKzshd7yowumhvatQNjtddmI8pHpW78KVJPma9t8IuoegXAwsXhti39dmtG mWcT0k+1ve+f9MIjY0FpZSFZycyUnmRf+bSstBwsoTL0hHe3RLOEYWulJMZGLyyg yCE36KONSTBo2SoNUMKVlWEIFVvEs9ixq0gzr9tGtGtYra5/GZ0MZntUM2zDwX6N Kd9i7BrjujmL+x0hdjHxGd8BbIf0DO7xOrKyB6IhRu+8MO2qoQayQ3dzyzJixH4z HMk5J5qMHcC2PVxLcKyIbKerm00ZY3ZNarxYdRHmJoX7xV2K69PiPv+2+82k8138 3OVEJSsjfckX2/tinighYNX8HsTtLG8+G1THzF5oRqCS9+T6lBsoorpL+X+YqJNQ eHKv0fAxZzA=Zbhx -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.8

sources: NVD: CVE-2019-17006 // VULMON: CVE-2019-17006 // PACKETSTORM: 168879 // PACKETSTORM: 155889 // PACKETSTORM: 161706 // PACKETSTORM: 162026 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 159396

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom rox mx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1500	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1501	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	netapp	model:	hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1400	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1510	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1511	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	lt	version:	3.46	Trust: 1.0
vendor:	netapp	model:	hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1512	scope:	lt	version:	2.14.0	Trust: 1.0

sources: NVD: CVE-2019-17006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-17006
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-201912-1134
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2019-17006
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-17006
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2019-17006
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2019-17006 // CNNVD: CNNVD-201912-1134 // NVD: CVE-2019-17006

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0

sources: NVD: CVE-2019-17006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1134

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201912-1134

PATCH

title:	Mozilla Network Security Services Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105845	Trust: 0.6
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4231-1	Trust: 0.1
title:	Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203280 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=a91447c5697ecfb6bbab6f4cf67cb949	Trust: 0.1
title:	Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204076 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4726-1 nss -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=2610caa3eacc40f97585be7c579718bd	Trust: 0.1
title:	Red Hat: Low: OpenShift Virtualization 2.4.2 Images	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204201 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=52844442ae85845bde006e7f0170408e	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000	Trust: 0.1
title:	Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory	Trust: 0.1
title:	zot	url:	https://github.com/anuvu/zot	Trust: 0.1

sources: VULMON: CVE-2019-17006 // CNNVD: CNNVD-201912-1134

EXTERNAL IDS

db:	NVD	id:	CVE-2019-17006	Trust: 2.6
db:	SIEMENS	id:	SSA-379803	Trust: 1.7
db:	ICS CERT	id:	ICSA-21-040-04	Trust: 1.7
db:	PACKETSTORM	id:	155889	Trust: 0.7
db:	PACKETSTORM	id:	161706	Trust: 0.7
db:	PACKETSTORM	id:	162026	Trust: 0.7
db:	PACKETSTORM	id:	162142	Trust: 0.7
db:	PACKETSTORM	id:	162130	Trust: 0.7
db:	PACKETSTORM	id:	159553	Trust: 0.7
db:	PACKETSTORM	id:	161916	Trust: 0.7
db:	PACKETSTORM	id:	159396	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0491	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3355	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3535	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2650	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0072	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0933	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3461	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1193	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0053	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0834	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2446	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0986	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0136	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0001	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3631	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1091	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1207	Trust: 0.6
db:	PACKETSTORM	id:	158724	Trust: 0.6
db:	PACKETSTORM	id:	159661	Trust: 0.6
db:	PACKETSTORM	id:	159497	Trust: 0.6
db:	PACKETSTORM	id:	161842	Trust: 0.6
db:	CS-HELP	id:	SB2021071301	Trust: 0.6
db:	CS-HELP	id:	SB2021043017	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-1134	Trust: 0.6
db:	VULMON	id:	CVE-2019-17006	Trust: 0.1
db:	PACKETSTORM	id:	168879	Trust: 0.1

sources: VULMON: CVE-2019-17006 // PACKETSTORM: 168879 // PACKETSTORM: 155889 // PACKETSTORM: 161706 // PACKETSTORM: 162026 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 159396 // CNNVD: CNNVD-201912-1134 // NVD: CVE-2019-17006

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04	Trust: 2.3
url:	https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1539788	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210129-0001/	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 1.5
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 1.3
url:	https://usn.ubuntu.com/4231-1/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html	Trust: 0.6
url:	https://www.debian.org/lts/security/2020/dla-2058	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3535/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155889/ubuntu-security-notice-usn-4231-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159396/red-hat-security-advisory-2020-4076-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0072/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0136/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1207	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0834	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0933	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3355/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1091	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1193	Trust: 0.6
url:	https://packetstormsecurity.com/files/159497/red-hat-security-advisory-2020-4201-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0986	Trust: 0.6
url:	https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-cryptographic-primitives-31248	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0053/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071301	Trust: 0.6
url:	https://packetstormsecurity.com/files/158724/red-hat-security-advisory-2020-3280-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2650/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0001/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0491	Trust: 0.6
url:	https://packetstormsecurity.com/files/161706/red-hat-security-advisory-2021-0758-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2446/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021043017	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403-2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3461/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3631/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162026/red-hat-security-advisory-2021-1026-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2017-12652	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14973	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12652	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14973	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-5313	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19126	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6829	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/345.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111311	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12399	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nss	Trust: 0.1
url:	https://usn.ubuntu.com/4231-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.7	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.10	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0758	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1026	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1079	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3156	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3447	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5313	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14422	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14422	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25211	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1129	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25645	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25656	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28374	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25705	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-29661	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20265	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-0427	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14351	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19532	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7053	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0427	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19532	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1240	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20386	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18874	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12450	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4255	Trust: 0.1
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20386	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18874	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14365	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16935	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5482	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16935	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12450	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0949	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8177	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7595	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4076	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 161706 // PACKETSTORM: 162026 // PACKETSTORM: 162142 // PACKETSTORM: 162130 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 159396

SOURCES

db:	VULMON	id:	CVE-2019-17006
db:	PACKETSTORM	id:	168879
db:	PACKETSTORM	id:	155889
db:	PACKETSTORM	id:	161706
db:	PACKETSTORM	id:	162026
db:	PACKETSTORM	id:	162142
db:	PACKETSTORM	id:	162130
db:	PACKETSTORM	id:	159553
db:	PACKETSTORM	id:	161916
db:	PACKETSTORM	id:	159396
db:	CNNVD	id:	CNNVD-201912-1134
db:	NVD	id:	CVE-2019-17006

LAST UPDATE DATE

2024-12-21T22:21:12.123000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-17006	date:	2021-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201912-1134	date:	2021-08-04T00:00:00
db:	NVD	id:	CVE-2019-17006	date:	2024-11-21T04:31:31.573

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-17006	date:	2020-10-22T00:00:00
db:	PACKETSTORM	id:	168879	date:	2020-07-28T19:12:00
db:	PACKETSTORM	id:	155889	date:	2020-01-09T15:06:17
db:	PACKETSTORM	id:	161706	date:	2021-03-09T15:56:20
db:	PACKETSTORM	id:	162026	date:	2021-03-30T14:29:43
db:	PACKETSTORM	id:	162142	date:	2021-04-09T15:06:13
db:	PACKETSTORM	id:	162130	date:	2021-04-08T14:00:00
db:	PACKETSTORM	id:	159553	date:	2020-10-14T16:52:18
db:	PACKETSTORM	id:	161916	date:	2021-03-22T15:36:55
db:	PACKETSTORM	id:	159396	date:	2020-09-30T15:50:53
db:	CNNVD	id:	CNNVD-201912-1134	date:	2019-12-26T00:00:00
db:	NVD	id:	CVE-2019-17006	date:	2020-10-22T21:15:12.560