Description
Security update for mozilla-nspr, mozilla-nss
This update for mozilla-nspr and mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
mozilla-nspr was updated to version 4.25
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.1
libfreebl3-3.53-lp151.2.23.1
libfreebl3-32bit-3.53-lp151.2.23.1
libfreebl3-hmac-3.53-lp151.2.23.1
libfreebl3-hmac-32bit-3.53-lp151.2.23.1
libsoftokn3-3.53-lp151.2.23.1
libsoftokn3-32bit-3.53-lp151.2.23.1
libsoftokn3-hmac-3.53-lp151.2.23.1
libsoftokn3-hmac-32bit-3.53-lp151.2.23.1
mozilla-nspr-4.25-lp151.2.9.1
mozilla-nspr-32bit-4.25-lp151.2.9.1
mozilla-nspr-devel-4.25-lp151.2.9.1
mozilla-nss-3.53-lp151.2.23.1
mozilla-nss-32bit-3.53-lp151.2.23.1
mozilla-nss-certs-3.53-lp151.2.23.1
mozilla-nss-certs-32bit-3.53-lp151.2.23.1
mozilla-nss-devel-3.53-lp151.2.23.1
mozilla-nss-sysinit-3.53-lp151.2.23.1
mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1
mozilla-nss-tools-3.53-lp151.2.23.1
References
- E-Mail link for openSUSE-SU-2020:0854-1
- SUSE Security Ratings
- SUSE Bug 1159819
- SUSE Bug 1169746
- SUSE Bug 1171978
- SUSE CVE CVE-2019-17006 page
- SUSE CVE CVE-2020-12399 page
Description
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.
Affected products
openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1
openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1
openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1
openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1
References
- CVE-2019-17006
- SUSE Bug 1159819
Description
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Affected products
openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1
openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1
openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1
openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1
References
- CVE-2020-12399
- SUSE Bug 1171978
- SUSE Bug 1172402