SUSE-SU-2020:14418-1 -- SLES mozilla-nsprID: oval:org.secpod.oval:def:89003011 | Date: (C)2021-02-25 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation . - CVE-2020-12399: Fixed a timing attack on DSA signature generation . - CVE-2019-17006: Added length checks for cryptographic primitives . - CVE-2019-11727: A vulnerability exists where it possible to force Network Security Services to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony . - Fixed an issue where Firefox tab was crashing . Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_rele ase_notes mozilla-nspr was updated to version 4.25.
Platform: |
SUSE Linux Enterprise Server 11 SP4 |