INFBA-2024:6680: NSS security update
Information about definition
Identificator: INFBA-2024:6680
Type: bugfix
Release date: 2025-03-05 16:49:59 UTC
Information about package
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Vulnerabilities description
- CVE-2024-6602
A mismatch between allocator and deallocator could have lead to memory corruption. Bug Fixes and Enhancements * Rebase NSS to 3.101 for Firefox. * nss: Mozilla: Memory corruption in NSS. * nss: Mozilla: Memory corruption in NSS [rhel-8.10.z]. * In FIPS mode, NSS DH_NewKey() fails because RNG_RNGInit() was never called. * nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines [rhel-8.10.z].
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-6602
|
no information | 6.1 | no information |
Updated packages