Support Content Notification - Support Portal

USN-4203-1: NSS vulnerability

Product/Component

Notification Id

23682

Last Updated

18 December 2019

Initial Publication Date

18 December 2019

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

CVE-2019-11745

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

Canonical Ubuntu 16.04

Description

It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVEs contained in this USN include: CVE-2019-11745

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

Pivotal Operations Manager
- 2.7.x versions prior to 2.7.7
- 2.6.x versions prior to 2.6.17
- 2.5.x versions prior to 2.5.25

Mitigation

Pivotal Operations Manager
- 2.7.7
- 2.6.17
- 2.5.25

References

https://usn.ubuntu.com/4203-1
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-11745