CLSA-2021-1638804170

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2021-1638804170.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2021-1638804170
Upstream
Published
2021-12-06T15:22:50Z
Modified
2026-06-01T00:33:24.390936149Z
Summary
Fixed CVE-2021-43527 in nss
Details
  • CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
  • Update to CKBI 2.50 from NSS 3.67
  • Removing:
  • # Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
  • # Certificate "AddTrust Low-Value Services Root"
  • # Certificate "AddTrust External Root"
  • # Certificate "GeoTrust Global CA"
  • # Certificate "GeoTrust Universal CA"
  • # Certificate "GeoTrust Universal CA 2"
  • # Certificate "QuoVadis Root CA"
  • # Certificate "Sonera Class 2 Root CA"
  • # Certificate "UTN USERFirst Email Root CA"
  • # Certificate "Taiwan GRCA"
  • # Certificate "Certplus Class 2 Primary CA"
  • # Certificate "GeoTrust Primary Certification Authority"
  • # Certificate "thawte Primary Root CA"
  • # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
  • # Certificate "Deutsche Telekom Root CA 2"
  • # Certificate "GeoTrust Primary Certification Authority - G3"
  • # Certificate "thawte Primary Root CA - G2"
  • # Certificate "thawte Primary Root CA - G3"
  • # Certificate "GeoTrust Primary Certification Authority - G2"
  • # Certificate "VeriSign Universal Root Certification Authority"
  • # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
  • # Certificate "Staat der Nederlanden Root CA - G2"
  • # Certificate "Trustis FPS Root CA"
  • # Certificate "EE Certification Centre Root CA"
  • # Certificate "Swisscom Root CA 2"
  • # Certificate "Certinomis - Root CA"
  • # Certificate "LuxTrust Global Root 2"
  • # Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
  • # Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
  • Adding:
  • # Certificate "Entrust Root Certification Authority - G4"
  • # Certificate "Microsoft ECC Root Certificate Authority 2017"
  • # Certificate "Microsoft RSA Root Certificate Authority 2017"
  • # Certificate "e-Szigno Root CA 2017"
  • # Certificate "certSIGN Root CA G2"
  • # Certificate "Trustwave Global Certification Authority"
  • # Certificate "Trustwave Global ECC P256 Certification Authority"
  • # Certificate "Trustwave Global ECC P384 Certification Authority"
  • # Certificate "NAVER Global Root Certification Authority"
  • # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
  • # Certificate "GlobalSign Secure Mail Root R45"
  • # Certificate "GlobalSign Secure Mail Root E45"
  • # Certificate "GlobalSign Root R46"
  • # Certificate "GlobalSign Root E46"
  • # Certificate "GLOBALTRUST 2020"
  • # Certificate "ANF Secure Server Root CA"
  • # Certificate "Certum EC-384 CA"
  • # Certificate "Certum Trusted Root CA"
  • revert last change. Patch was for nss-softokn
  • Fix out-of-bounds write in NSC_EncryptUpdate (#1775909)
References

Affected packages

TuxCare:OracleLinux:6
nss

Package

Name
nss
Purl
pkg:rpm/tuxcare/nss?distro=oraclelinux-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.44.0-12.el6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2021-1638804170.json"
nss-devel

Package

Name
nss-devel
Purl
pkg:rpm/tuxcare/nss-devel?distro=oraclelinux-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.44.0-12.el6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2021-1638804170.json"
nss-pkcs11-devel

Package

Name
nss-pkcs11-devel
Purl
pkg:rpm/tuxcare/nss-pkcs11-devel?distro=oraclelinux-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.44.0-12.el6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2021-1638804170.json"
nss-sysinit

Package

Name
nss-sysinit
Purl
pkg:rpm/tuxcare/nss-sysinit?distro=oraclelinux-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.44.0-12.el6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2021-1638804170.json"
nss-tools

Package

Name
nss-tools
Purl
pkg:rpm/tuxcare/nss-tools?distro=oraclelinux-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.44.0-12.el6.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2021-1638804170.json"