CVE-2019-17006: nss: crypto primitives missing length checks

Bug #1906471 reported by Ghada Khalil
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Joe Slater
Milestone: (none listed)

Bug Description

CVE-2019-17006: nss: crypto primitives missing length checks

CVSSv2: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Description:
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-17006
https://access.redhat.com/errata/RHSA-2020:4076
https://lists.centos.org/pipermail/centos-cr-announce/2020-November/012876.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-November/012877.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-November/012878.html
https://lists.centos.org/pipermail/centos-cr-announce/2020-November/012879.html

nss required package version:
nss-3.53.1-3.el7_9.src.rpm

Packages:
nss
nss-tools
nss-sysinit

nspr required package version:
nspr-4.25.0-2.el7_9.src.rpm

Packages:
nspr

nss-softokn required package version:
nss-softokn-3.53.1-6.el7_9.src.rpm

Packages:
nss-softokn
nss-softokn-freebl

nss-util required package version:
nss-util-3.53.1-1.el7_9.src.rpm

Packages:
nss-util

Found during November 2020 StarlingX CVE Scan
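The report gives the fix as a set of required source RPM versions. The check a triage engineer wants is whether the versions actually installed on a node are at or above those, and that comparison has to follow rpm's own ordering rules rather than a plain string compare. The script below is an added example, not StarlingX project code: the required versions are copied from this report, the installed versions in the demo are constructed, and the comparison is a Python port of the rpmvercmp algorithm (numeric and alpha segments compared in turn, `~` sorting before everything and `^` after). Binary sub-packages such as nss-tools or nss-softokn-freebl carry the same version-release as their source RPM, so the check is keyed on the source package name.

```python
# Added example: compare installed nss/nspr package versions against the fix
# versions listed in this bug report, using rpm's version-ordering rules.
# REQUIRED is copied from the report; installed values in main are constructed.

REQUIRED = {
    "nss": "nss-3.53.1-3.el7_9.src.rpm",
    "nspr": "nspr-4.25.0-2.el7_9.src.rpm",
    "nss-softokn": "nss-softokn-3.53.1-6.el7_9.src.rpm",
    "nss-util": "nss-util-3.53.1-1.el7_9.src.rpm",
}

ARCH_TOKENS = {"src", "noarch", "x86_64", "i686", "aarch64"}


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): 1 if a is newer than b, -1 if older, 0 if equal."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything other than alphanumerics, '~' or '^') are skipped.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        # '~' sorts before anything, including the end of the string (pre-releases).
        if (i < len(a) and a[i] == "~") or (j < len(b) and b[j] == "~"):
            if i >= len(a) or a[i] != "~":
                return 1
            if j >= len(b) or b[j] != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # '^' sorts after the end of the string but before any other segment.
        if (i < len(a) and a[i] == "^") or (j < len(b) and b[j] == "^"):
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if a[i] != "^":
                return 1
            if b[j] != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take one all-digit or all-alpha segment from each side.
        si, sj = i, j
        isnum = a[i].isdigit()
        while i < len(a) and (a[i].isdigit() if isnum else a[i].isalpha()):
            i += 1
        while j < len(b) and (b[j].isdigit() if isnum else b[j].isalpha()):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:  # mismatched segment types: numeric counts as newer
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # longer number is larger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever side has characters left wins


def parse_nvr(pkg: str):
    """Split 'name-[epoch:]version-release[.arch][.rpm]' into (name, epoch, version, release)."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    base, _, last = pkg.rpartition(".")
    if last in ARCH_TOKENS:
        pkg = base
    name_ver, sep1, release = pkg.rpartition("-")
    name, sep2, version = name_ver.rpartition("-")
    if not (sep1 and sep2 and name and version and release):
        raise ValueError(f"not a name-version-release string: {pkg!r}")
    epoch = 0
    if ":" in version:  # rpm compares epoch before version
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, epoch, version, release


def compare_evr(installed: str, required: str) -> int:
    """Epoch, then version, then release, each with rpm ordering."""
    n1, e1, v1, r1 = parse_nvr(installed)
    n2, e2, v2, r2 = parse_nvr(required)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1} vs {n2}")
    if e1 != e2:
        return 1 if e1 > e2 else -1
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def is_fixed(installed: str) -> bool:
    """True if the installed package is at or above the version this report requires."""
    return compare_evr(installed, REQUIRED[parse_nvr(installed)[0]]) >= 0


def audit(installed_packages):
    """Map each listed package name to True (fixed) / False (still affected)."""
    return {parse_nvr(p)[0]: is_fixed(p) for p in installed_packages
            if parse_nvr(p)[0] in REQUIRED}


if __name__ == "__main__":
    # Constructed sample of rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' output.
    sample = ["nss-3.44.0-7.el7_5", "nspr-4.21.0-1.el7",
              "nss-softokn-3.53.1-6.el7_9", "nss-util-3.53.1-1.el7_9"]
    for name, ok in audit(sample).items():
        print(f"{name:12s} {'fixed' if ok else 'AFFECTED, update to ' + REQUIRED[name]}")
```

On a real CentOS 7 host the installed strings come from `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' nss nspr nss-softokn nss-util`; the epoch handling matters because an epoch bump makes a numerically smaller version newer, which a naive string comparison gets wrong.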

Ghada Khalil (gkhalil) wrote :

The process is to address the CVE in stx master first and then cherry-pick to the r/stx.4.0 release branch after some soak time.

Changed in starlingx:
importance: Undecided → High
status: New → Triaged
tags: added: stx.4.0 stx.5.0 stx.security
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Joe Slater (jslater0wind)
Changed in starlingx:
status: Triaged → Fix Released
Joe Slater (jslater0wind) wrote :
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (f/centos8)

Fix proposed to branch: f/centos8
Review: https://review.opendev.org/c/starlingx/tools/+/792229

OpenStack Infra (hudson-openstack) wrote : Change abandoned on tools (f/centos8)

Change abandoned by "Chuck Short <email address hidden>" on branch: f/centos8
Review: https://review.opendev.org/c/starlingx/tools/+/792229
Reason: Updated merge coming

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (f/centos8)

Fix proposed to branch: f/centos8
Review: https://review.opendev.org/c/starlingx/tools/+/793627

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (f/centos8)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/793627
Committed: https://opendev.org/starlingx/tools/commit/d701c6f896dfe440566cc942e3dd71be1f19ae5d
Submitter: "Zuul (22348)"
Branch: f/centos8

commit 7b5f3a45e663866a3c0ca3ca86eb3c92bc7f0210
Author: Scott Little <email address hidden>
Date: Wed May 5 09:56:33 2021 -0400

    fix bad flockflock url pt 2

    A stray '}' character found its way into my prior update
    titled 'fix bad flockflock url' after testing. The result was
    the following error

    sed: -e expression #1, char 15: unexpected `}'

    This removes the unwanted '}', restoring the prior update
    to its intended form.

    Closes-bug: 1926987
    Signed-off-by: Scott Little <email address hidden>
    Change-Id: I48f4721ccaf121679916b01747243deedf5836cd

commit ac05493480f6df6f31d071d29380c1b4f35b70a9
Author: Scott Little <email address hidden>
Date: Tue May 4 12:42:36 2021 -0400

    fix git-review within docker build environment

    'tb create' fails to create a build environment since
    upstream git-review was updated on Apr 26.

    Fix is to install/update pbr ahead of git-review.

    Also, to reduce the likelihood of this recurring, lock
    down specific versions of the pypi supplied tools we
    know to work.

    Closes-bug: 1927137
    Signed-off-by: Scott Little <email address hidden>
    Change-Id: Ib9fe6fd33de4d637f254ac421cc0427ee6131b65

commit b96ebc83d859a4a7802a462504817ecec6182a7b
Author: Scott Little <email address hidden>
Date: Mon May 3 13:16:53 2021 -0400

    fix bad flockflock url

    download_mirror.sh fails due to a bad path containing
    ‘stx-tools/centos-mirror-tools/config/centos/flockflock’

    The path is constructed, and the trigger is when an EOL is missing
    from a centos_build_layer.cfg file, causing 'cat' to merge the last
    line of the offending file with the first line of the next file.

    Switch 'cat' to 'grep', which will always ensure an EOL is present.
    Along the way, we can filter out empty lines and comments.

    Closes-bug: 1926987
    Signed-off-by: Scott Little <email address hidden>
    Change-Id: I2404b3415f0f3e2f395c2bcb7a527aa01a488f61

commit 4c3ee114bcbff710c2049626044dd1ddc756cbd9
Author: Joe Slater <email address hidden>
Date: Tue Apr 27 18:50:53 2021 -0400

    screen: fix CVE-2021-26937 segfault

    Advance to screen-4.1.0-0.27.20120314git3c2946.el7_9.x86_64.rpm.

    Closes-bug: 1926372
    Change-Id: I41834e7b1e16153b0632751f59f7ac9f503389da
    Signed-off-by: Joe Slater <email address hidden>

commit e31e0dda7a4c09143d41cd518ab97ea6112d7fb5
Author: Li Zhou <email address hidden>
Date: Tue Apr 13 04:53:50 2021 -0400

    systemd: Upgrade to version 219-78.el7_9.3

    Refer the lst entries to the new version.

    Partial-Bug: #1924691
    Signed-off-by: Li Zhou <email address hidden>
    Change-Id: I557eff6a47f341cc67de02fd59024b28bb6cac84

commit 26db2859dd3a5c060c337b886fd16c4d2d9f93af
Author: Scott Little <email address hidden>
Date: Mon Apr 12 11:21:31 2021 -0400

    Replace basearch references in y...

tags: added: in-f-centos8
This report contains Public Security information.
Everyone can see this security related information.
