Synopsis
The remote CentOS host is missing one or more security updates.
Description
An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.
The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.
Security Fix(es):
* nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Update the affected nss, nss-softokn and/or nss-util packages.