Описание
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use.
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
libfreebl3-3.68.3-47.25.1
libsoftokn3-3.68.3-47.25.1
mozilla-nss-3.68.3-47.25.1
mozilla-nss-certs-3.68.3-47.25.1
mozilla-nss-tools-3.68.3-47.25.1
SUSE Linux Enterprise Server 11 SP4-LTSS
libfreebl3-3.68.3-47.25.1
libfreebl3-32bit-3.68.3-47.25.1
libsoftokn3-3.68.3-47.25.1
libsoftokn3-32bit-3.68.3-47.25.1
mozilla-nss-3.68.3-47.25.1
mozilla-nss-32bit-3.68.3-47.25.1
mozilla-nss-certs-3.68.3-47.25.1
mozilla-nss-certs-32bit-3.68.3-47.25.1
mozilla-nss-devel-3.68.3-47.25.1
mozilla-nss-tools-3.68.3-47.25.1
Ссылки
- Link for SUSE-SU-2022:14936-1
- E-Mail link for SUSE-SU-2022:14936-1
- SUSE Security Ratings
- SUSE Bug 1197903
- SUSE CVE CVE-2022-1097 page
Описание
<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:libfreebl3-3.68.3-47.25.1
SUSE Linux Enterprise Point of Sale 11 SP3:libsoftokn3-3.68.3-47.25.1
SUSE Linux Enterprise Point of Sale 11 SP3:mozilla-nss-3.68.3-47.25.1
SUSE Linux Enterprise Point of Sale 11 SP3:mozilla-nss-certs-3.68.3-47.25.1
Ссылки
- CVE-2022-1097
- SUSE Bug 1197903