Bug 2170377 (CVE-2023-0767)
| Summary: | CVE-2023-0767 nss: Arbitrary memory write via PKCS 12 | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | arachman, asosedki, erack, jhorak, lveyde, michal.skrivanek, mperina, nobody, nss-nspr-maint, rrelyea, saroy, sbonazzo, ssorce, stransky, thoger, tpopela |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 102.8, thunderbird 102.8, nss 3.88.1, nss 3.79.4 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-03-23 13:47:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2176392, 2176620, 2176621, 2176622, 2176623, 2176624, 2176625, 2176626, 2176627, 2176628, 2176629, 2176630, 2176631, 2177157, 2177158, 2177159, 2177160, 2177161, 2177162, 2177218, 2178006 | ||
| Bug Blocks: | 2177152 | ||
|
Description
Dhananjay Arunesh
2023-02-16 09:09:10 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:0806 https://access.redhat.com/errata/RHSA-2023:0806 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0805 https://access.redhat.com/errata/RHSA-2023:0805 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0809 https://access.redhat.com/errata/RHSA-2023:0809 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0810 https://access.redhat.com/errata/RHSA-2023:0810 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0807 https://access.redhat.com/errata/RHSA-2023:0807 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:0811 https://access.redhat.com/errata/RHSA-2023:0811 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0808 https://access.redhat.com/errata/RHSA-2023:0808 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:0812 https://access.redhat.com/errata/RHSA-2023:0812 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:0818 https://access.redhat.com/errata/RHSA-2023:0818 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:0819 https://access.redhat.com/errata/RHSA-2023:0819 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0822 https://access.redhat.com/errata/RHSA-2023:0822 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:0817 https://access.redhat.com/errata/RHSA-2023:0817 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0824 https://access.redhat.com/errata/RHSA-2023:0824 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0820 https://access.redhat.com/errata/RHSA-2023:0820 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0821 https://access.redhat.com/errata/RHSA-2023:0821 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0823 https://access.redhat.com/errata/RHSA-2023:0823 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0767 Created nss tracking bugs for this issue: Affects: fedora-all [bug 2176392] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1252 https://access.redhat.com/errata/RHSA-2023:1252 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:1332 https://access.redhat.com/errata/RHSA-2023:1332 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1365 https://access.redhat.com/errata/RHSA-2023:1365 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1368 https://access.redhat.com/errata/RHSA-2023:1368 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2023:1366 https://access.redhat.com/errata/RHSA-2023:1366 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1369 https://access.redhat.com/errata/RHSA-2023:1369 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1370 https://access.redhat.com/errata/RHSA-2023:1370 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:1406 https://access.redhat.com/errata/RHSA-2023:1406 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:1436 https://access.redhat.com/errata/RHSA-2023:1436 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0767 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:1479 https://access.redhat.com/errata/RHSA-2023:1479 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2023:1677 https://access.redhat.com/errata/RHSA-2023:1677 |