RedHat nspr CVE-2020-25648 Denial of Service Vulnerability

Description

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.67.0), nspr (4.32.0). (BZ#1967980)

Security Fix(es):

nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

8025 error code when creating subCAs (BZ#1977412)
NSS cannot use SQL databases created by specific versions of NSS (BZ#1978443)
Inconsistent handling of malformed CertificateRequest messages (BZ#1980050)

Enhancement(s):

[IBM 8.5 FEAT] [P10] POWER10 performance enhancements for cryptography: NSS FreeBL (BZ#1978257)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect. After installing this update, applications using NSPR (for example, Firefox) must be restarted for this update to take effect.

Affected Applications

nspr

CVE References

CVE-2020-25648