Описание
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1
Update to NSS 3.112.2:
- Prevent leaks during pkcs12 decoding.
- SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
- restore support for finding certificates by decoded serial number.
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
libfreebl3-3.112.2-58.133.1
libfreebl3-32bit-3.112.2-58.133.1
libsoftokn3-3.112.2-58.133.1
libsoftokn3-32bit-3.112.2-58.133.1
mozilla-nss-3.112.2-58.133.1
mozilla-nss-32bit-3.112.2-58.133.1
mozilla-nss-certs-3.112.2-58.133.1
mozilla-nss-certs-32bit-3.112.2-58.133.1
mozilla-nss-devel-3.112.2-58.133.1
mozilla-nss-sysinit-3.112.2-58.133.1
mozilla-nss-sysinit-32bit-3.112.2-58.133.1
mozilla-nss-tools-3.112.2-58.133.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libfreebl3-3.112.2-58.133.1
libfreebl3-32bit-3.112.2-58.133.1
libsoftokn3-3.112.2-58.133.1
libsoftokn3-32bit-3.112.2-58.133.1
mozilla-nss-3.112.2-58.133.1
mozilla-nss-32bit-3.112.2-58.133.1
mozilla-nss-certs-3.112.2-58.133.1
mozilla-nss-certs-32bit-3.112.2-58.133.1
mozilla-nss-devel-3.112.2-58.133.1
mozilla-nss-sysinit-3.112.2-58.133.1
mozilla-nss-sysinit-32bit-3.112.2-58.133.1
mozilla-nss-tools-3.112.2-58.133.1
Ссылки
- Link for SUSE-SU-2025:3759-1
- E-Mail link for SUSE-SU-2025:3759-1
- SUSE Security Ratings
- SUSE Bug 1251263
- SUSE CVE CVE-2025-9187 page
Описание
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libfreebl3-3.112.2-58.133.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libfreebl3-32bit-3.112.2-58.133.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libsoftokn3-3.112.2-58.133.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libsoftokn3-32bit-3.112.2-58.133.1
Ссылки
- CVE-2025-9187
- SUSE Bug 1248162