ELSA-2024-12337

Опубликовано: 19 апр. 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-12337: nss security update (MODERATE)

[3.90.0-6_fips]

Add FIPS package change: add fips suffix to Release and set Epoch to 10 [Orabug: 35862190]
Update FIPS module name for Oracle Linux [Orabug: 35862190]

[3.90.0-6]

Fix ecc DER wrapping.

[3.90.0-5]

Pick up validated constant time implementations of p256, p384, and p521 from upsream
More Fips indicator changes

[3.90.0-4]

FIPS review changes
add PORT_SafeZero to avoid compiler optimizing a way zeroing memory.
update the indicators for this release
allow hashing of longer than int32 values in a single PKCS #11 call.

[3.90.0-3.3]

Fix expired certs in tests
Fix CVE-2023-5388

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

nspr

4.35.0-6.el9_3_fips

nspr-devel

4.35.0-6.el9_3_fips

nss

3.90.0-6.el9_3_fips

nss-devel

3.90.0-6.el9_3_fips

nss-pkcs11-devel

3.90.0-6.el9_3_fips

nss-softokn

3.90.0-6.el9_3_fips

nss-softokn-devel

3.90.0-6.el9_3_fips

nss-softokn-freebl

3.90.0-6.el9_3_fips

nss-softokn-freebl-devel

3.90.0-6.el9_3_fips

nss-sysinit

3.90.0-6.el9_3_fips

nss-tools

3.90.0-6.el9_3_fips

nss-util

3.90.0-6.el9_3_fips

nss-util-devel

3.90.0-6.el9_3_fips

Oracle Linux x86_64

nspr

4.35.0-6.el9_3_fips

nspr-devel

4.35.0-6.el9_3_fips

nss

3.90.0-6.el9_3_fips

nss-devel

3.90.0-6.el9_3_fips

nss-pkcs11-devel

3.90.0-6.el9_3_fips

nss-softokn

3.90.0-6.el9_3_fips

nss-softokn-devel

3.90.0-6.el9_3_fips

nss-softokn-freebl

3.90.0-6.el9_3_fips

nss-softokn-freebl-devel

3.90.0-6.el9_3_fips

nss-sysinit

3.90.0-6.el9_3_fips

nss-tools

3.90.0-6.el9_3_fips

nss-util

3.90.0-6.el9_3_fips

nss-util-devel

3.90.0-6.el9_3_fips

Связанные CVE

CVE-2023-6135

Ссылки на источники

Связанные уязвимости

CVE-2023-6135

CVSS3: 4.3

ubuntu

больше 1 года назад

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

CVE-2023-6135

CVSS3: 4.3

redhat

больше 1 года назад

CVE-2023-6135

CVSS3: 4.3

nvd

больше 1 года назад

CVE-2023-6135

CVSS3: 4.3

debian

больше 1 года назад

Multiple NSS NIST curves were susceptible to a side-channel attack kno ...

RLSA-2024:0786

rocky

больше 1 года назад

Moderate: nss security update