Description
Security update for mozilla-nss
This update for mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53.1
- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032)
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.2
libfreebl3-3.53.1-lp152.2.4.1
libfreebl3-32bit-3.53.1-lp152.2.4.1
libfreebl3-hmac-3.53.1-lp152.2.4.1
libfreebl3-hmac-32bit-3.53.1-lp152.2.4.1
libsoftokn3-3.53.1-lp152.2.4.1
libsoftokn3-32bit-3.53.1-lp152.2.4.1
libsoftokn3-hmac-3.53.1-lp152.2.4.1
libsoftokn3-hmac-32bit-3.53.1-lp152.2.4.1
mozilla-nss-3.53.1-lp152.2.4.1
mozilla-nss-32bit-3.53.1-lp152.2.4.1
mozilla-nss-certs-3.53.1-lp152.2.4.1
mozilla-nss-certs-32bit-3.53.1-lp152.2.4.1
mozilla-nss-devel-3.53.1-lp152.2.4.1
mozilla-nss-sysinit-3.53.1-lp152.2.4.1
mozilla-nss-sysinit-32bit-3.53.1-lp152.2.4.1
mozilla-nss-tools-3.53.1-lp152.2.4.1
References
- E-Mail link for openSUSE-SU-2020:0955-1
- SUSE Security Ratings
- SUSE Bug 1168669
- SUSE Bug 1173032
- SUSE CVE CVE-2020-12402 page
Description
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
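To make "input-dependent flow" concrete, the following added illustration (not NSS code and not the change shipped in 3.53.1) records which branch a textbook binary GCD takes at each step and contrasts it with a variant whose schedule depends only on the public bit length. The function names `binary_gcd_trace` and `fixed_flow_gcd` and the sample operands are assumptions made for this example.

```python
# Added illustration, not NSS code. Python integers are not constant-time:
# this models control flow only, not real timing or EM behaviour.

def binary_gcd_trace(a, b):
    """Textbook binary GCD. Returns (gcd, trace); trace records the branch
    taken per step: 'a'/'b' = halve that operand, 's' = subtract."""
    assert a > 0 and b > 0
    shift, trace = 0, []
    while (a | b) & 1 == 0:            # strip common factors of two
        a, b, shift = a >> 1, b >> 1, shift + 1
    while a != b:                      # step count depends on the operands
        if a & 1 == 0:
            a >>= 1; trace.append("a")
        elif b & 1 == 0:
            b >>= 1; trace.append("b")
        elif a > b:
            a -= b; trace.append("s")
        else:
            b -= a; trace.append("s")
    return a << shift, "".join(trace)

def fixed_flow_gcd(a, b, bits):
    """Same result on a schedule fixed by the public bit length: always
    2*bits rounds, every round doing the same work selected by masks."""
    assert 0 < a < (1 << bits) and 0 < b < (1 << bits)
    shift = 0
    for _ in range(2 * bits):
        both_odd = -(a & b & 1)        # -1 (all ones) or 0
        a_lt_b = -int(a < b)
        sel_a = both_odd & ~a_lt_b     # subtract b from a
        sel_b = both_odd & a_lt_b      # subtract a from b
        a, b = ((a - b) & sel_a) | (a & ~sel_a), ((b - a) & sel_b) | (b & ~sel_b)
        a_even, b_even = -((a & 1) ^ 1), -((b & 1) ^ 1)
        shift += 1 & a_even & b_even   # common factor of two
        a = ((a >> 1) & a_even) | (a & ~a_even)
        b = ((b >> 1) & b_even) | (b & ~b_even)
    return (a | b) << shift            # one operand is zero by now

if __name__ == "__main__":
    # Constructed 8-bit operands: same size, different branch sequences.
    for x, y in [(255, 1), (255, 128)]:
        g, t = binary_gcd_trace(x, y)
        print(x, y, "gcd", g, "trace", t, "fixed", fixed_flow_gcd(x, y, 8))
```

The two constructed operand pairs have the same bit length and the same GCD, yet the first function takes 14 steps for one and 21 for the other, while the second function always runs 16 rounds for 8-bit inputs.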
Affected products
openSUSE Leap 15.2:libfreebl3-3.53.1-lp152.2.4.1
openSUSE Leap 15.2:libfreebl3-32bit-3.53.1-lp152.2.4.1
openSUSE Leap 15.2:libfreebl3-hmac-3.53.1-lp152.2.4.1
openSUSE Leap 15.2:libfreebl3-hmac-32bit-3.53.1-lp152.2.4.1
References
- CVE-2020-12402
- SUSE Bug 1173032
- SUSE Bug 1173576
- SUSE Bug 1174230