Описание
ELSA-2018-2768: nss security update (MODERATE)
[3.36.0-7]
- Backport upstream fix for CVE-2018-12384
- Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)
[3.36.0-6]
- Exercise SSL tests which only run under non-FIPS setting
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
nss
3.36.0-7.el7_5
nss-devel
3.36.0-7.el7_5
nss-pkcs11-devel
3.36.0-7.el7_5
nss-sysinit
3.36.0-7.el7_5
nss-tools
3.36.0-7.el7_5
Oracle Linux x86_64
nss
3.36.0-7.el7_5
nss-devel
3.36.0-7.el7_5
nss-pkcs11-devel
3.36.0-7.el7_5
nss-sysinit
3.36.0-7.el7_5
nss-tools
3.36.0-7.el7_5
Связанные CVE
Связанные уязвимости
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
When handling a SSLv2-compatible ClientHello request, the server doesn ...
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.