Описание
ELSA-2018-2898: nss security update (MODERATE)
[3.36.0-9.0.1]
- Added nss-vendor.patch to change vendor
- Temporarily disable some tests until expired PayPalEE.cert is renewed
[3.36.0-9]
- Backport upstream fix for CVE-2018-12384
- Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
nss
3.36.0-9.0.1.el6_10
nss-devel
3.36.0-9.0.1.el6_10
nss-pkcs11-devel
3.36.0-9.0.1.el6_10
nss-sysinit
3.36.0-9.0.1.el6_10
nss-tools
3.36.0-9.0.1.el6_10
Oracle Linux i686
nss
3.36.0-9.0.1.el6_10
nss-devel
3.36.0-9.0.1.el6_10
nss-pkcs11-devel
3.36.0-9.0.1.el6_10
nss-sysinit
3.36.0-9.0.1.el6_10
nss-tools
3.36.0-9.0.1.el6_10
Связанные CVE
Связанные уязвимости
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
When handling a SSLv2-compatible ClientHello request, the server doesn ...
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.