[CLSA-2023:1681328662] Fix CVE(s): CVE-2023-0767

Type:

security

Severity:

Important

Release date:

2023-04-12 20:41:25 UTC

Description:

   * SECURITY UPDATE: An attacker could construct a PKCS 12 cert bundle in such
     a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag
     attributes being mishandled
     - debian/patches/CVE-2023-0767.patch: improve handling of unknown PKCS#12
       safe bag types
     - CVE-2023-0767

Updated packages:

libnss3_3.28.4-0ubuntu0.16.04.14+tuxcare.els5_amd64.deb
sha:af42e001fd6150703dedf1627ee6e7649dd181ee
libnss3-1d_3.28.4-0ubuntu0.16.04.14+tuxcare.els5_amd64.deb
sha:9fffb5faa58ea8c99079f4334d115471a8fa7a6b
libnss3-dev_3.28.4-0ubuntu0.16.04.14+tuxcare.els5_amd64.deb
sha:00e3b1c323bb238c7b4a37670bb9e8ed3bd19140
libnss3-nssdb_3.28.4-0ubuntu0.16.04.14+tuxcare.els5_all.deb
sha:32e05e32ab82dc9aa4b25ded515507a16de00159
libnss3-tools_3.28.4-0ubuntu0.16.04.14+tuxcare.els5_amd64.deb
sha:72a2650c9a2a0dcce5dbe7e5533eb740b8021600

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.