As per Mozilla upstream a CVE flaw was fixed via: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes Bug 1539788 - Add length checks for cryptographic primitives (CVE-2019-17006)
Acknowledgments: Name: the Mozilla Project
This issue was fixed upstream via nss-3.46
External References: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes
Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 Upstream patches: https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34 https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3280 https://access.redhat.com/errata/RHSA-2020:3280
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-17006
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4076 https://access.redhat.com/errata/RHSA-2020:4076
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:0758 https://access.redhat.com/errata/RHSA-2021:0758
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:0876 https://access.redhat.com/errata/RHSA-2021:0876
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:1026 https://access.redhat.com/errata/RHSA-2021:1026