Dear all,
Network Security Services (NSS) 3.68.4 was released on 31st May 2022.
This
release fixes memory safety violations that can
occur when parsing CMS data. We
presume that with enough effort these memory safety violations are
exploitable.
The HG tag is NSS_3_68_4_RTM. This version of NSS requires NSPR 4.32 or newer.
NSS 3.68.4 source distributions are available on
ftp.mozilla.org for secure HTTPS download: <
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_4_RTM/src/>
Change:
- Bug 1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
NSS
3.68.4 shared libraries are backwards-compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries
will work with this new version of the shared libraries without
recompiling or relinking. Furthermore, applications that restrict their
use of NSS APIs to the functions listed in NSS Public Functions will
remain compatible with future versions of the NSS shared libraries.
Bugs discovered should be reported by filing a bug report at <
https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>
Best,
Dennis