Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:1850-1

Опубликовано: 06 июл. 2020
Источник: suse-cvrf

Описание

Security update for mozilla-nss

This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to version 3.53.1

  • CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032)
  • Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).

Список пакетов

Container bci/openjdk-devel:11
libfreebl3-3.53.1-3.45.1
libfreebl3-hmac-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Container bci/openjdk:latest
libfreebl3-3.53.1-3.45.1
libfreebl3-hmac-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Container caasp/v4/389-ds:1.4.2
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
Container caasp/v4/hyperkube:v1.17.17
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Container ses/6/cephcsi/cephcsi:latest
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Container ses/6/rook/ceph:latest
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Container suse/pcp:latest
libfreebl3-3.53.1-3.45.1
libfreebl3-hmac-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-BYOS-Azure
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-BYOS-EC2-HVM
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-BYOS-GCE
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-EC2-ECS-HVM
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-EC2-HVM
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-GCE
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-HPC-Azure
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-HPC-BYOS-Azure
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-HPC-BYOS-GCE
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-Micro-BYOS-GCE
libfreebl3-3.53.1-3.45.1
Image SLES15-SP3-SAP-Azure
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
Image SLES15-SP3-SAP-BYOS-Azure
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
Image SLES15-SP3-SAP-BYOS-GCE
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
Image SLES15-SP3-SAP-EC2-HVM
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-SAP-GCE
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-SAPCAL-Azure
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-SAPCAL-EC2-HVM
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
Image SLES15-SP3-SAPCAL-GCE
libfreebl3-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libfreebl3-3.53.1-3.45.1
libfreebl3-32bit-3.53.1-3.45.1
libfreebl3-hmac-3.53.1-3.45.1
libfreebl3-hmac-32bit-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-32bit-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
libsoftokn3-hmac-32bit-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-32bit-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-certs-32bit-3.53.1-3.45.1
mozilla-nss-devel-3.53.1-3.45.1
mozilla-nss-sysinit-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libfreebl3-3.53.1-3.45.1
libfreebl3-32bit-3.53.1-3.45.1
libfreebl3-hmac-3.53.1-3.45.1
libfreebl3-hmac-32bit-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-32bit-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
libsoftokn3-hmac-32bit-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-32bit-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-certs-32bit-3.53.1-3.45.1
mozilla-nss-devel-3.53.1-3.45.1
mozilla-nss-sysinit-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
libfreebl3-3.53.1-3.45.1
libfreebl3-32bit-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-32bit-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-32bit-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-certs-32bit-3.53.1-3.45.1
mozilla-nss-devel-3.53.1-3.45.1
mozilla-nss-sysinit-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
libfreebl3-3.53.1-3.45.1
libfreebl3-32bit-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-32bit-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-32bit-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-certs-32bit-3.53.1-3.45.1
mozilla-nss-devel-3.53.1-3.45.1
mozilla-nss-sysinit-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
SUSE Linux Enterprise Module for Server Applications 15 SP1
libfreebl3-hmac-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
SUSE Linux Enterprise Module for Server Applications 15 SP2
libfreebl3-hmac-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
SUSE Linux Enterprise Server 15-LTSS
libfreebl3-3.53.1-3.45.1
libfreebl3-32bit-3.53.1-3.45.1
libfreebl3-hmac-3.53.1-3.45.1
libfreebl3-hmac-32bit-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-32bit-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
libsoftokn3-hmac-32bit-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-32bit-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-certs-32bit-3.53.1-3.45.1
mozilla-nss-devel-3.53.1-3.45.1
mozilla-nss-sysinit-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1
SUSE Linux Enterprise Server for SAP Applications 15
libfreebl3-3.53.1-3.45.1
libfreebl3-32bit-3.53.1-3.45.1
libfreebl3-hmac-3.53.1-3.45.1
libfreebl3-hmac-32bit-3.53.1-3.45.1
libsoftokn3-3.53.1-3.45.1
libsoftokn3-32bit-3.53.1-3.45.1
libsoftokn3-hmac-3.53.1-3.45.1
libsoftokn3-hmac-32bit-3.53.1-3.45.1
mozilla-nss-3.53.1-3.45.1
mozilla-nss-32bit-3.53.1-3.45.1
mozilla-nss-certs-3.53.1-3.45.1
mozilla-nss-certs-32bit-3.53.1-3.45.1
mozilla-nss-devel-3.53.1-3.45.1
mozilla-nss-sysinit-3.53.1-3.45.1
mozilla-nss-tools-3.53.1-3.45.1

Ссылки

Описание

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.

Затронутые продукты
Container bci/openjdk-devel:11:libfreebl3-3.53.1-3.45.1
Container bci/openjdk-devel:11:libfreebl3-hmac-3.53.1-3.45.1
Container bci/openjdk-devel:11:libsoftokn3-3.53.1-3.45.1
Container bci/openjdk-devel:11:libsoftokn3-hmac-3.53.1-3.45.1
Ссылки
Уязвимость SUSE-SU-2020:1850-1