Synopsis: Moderate: nss, nss-softokn, nss-util, and nspr security, bug 
Advisory ID:       SLSA-2019:2237-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2018-0495
                   CVE-2018-12404
--

Netscape Portable Runtime (NSPR) provides platform independence for non-
GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss
(3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0).

Security Fix(es):

* ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
(CVE-2018-0495)

* nss: Cache side-channel variant of the Bleichenbacher attack
(CVE-2018-12404)
--

SL7
  x86_64
    nss-softokn-3.44.0-5.el7.x86_64.rpm
    nss-devel-3.44.0-4.el7.i686.rpm
    nss-softokn-freebl-3.44.0-5.el7.i686.rpm
    nspr-devel-4.21.0-1.el7.i686.rpm
    nss-devel-3.44.0-4.el7.x86_64.rpm
    nss-tools-3.44.0-4.el7.x86_64.rpm
    nss-softokn-devel-3.44.0-5.el7.i686.rpm
    nss-sysinit-3.44.0-4.el7.x86_64.rpm
    nss-util-devel-3.44.0-3.el7.x86_64.rpm
    nspr-4.21.0-1.el7.x86_64.rpm
    nspr-devel-4.21.0-1.el7.x86_64.rpm
    nss-util-3.44.0-3.el7.x86_64.rpm
    nss-softokn-freebl-devel-3.44.0-5.el7.x86_64.rpm
    nss-softokn-freebl-devel-3.44.0-5.el7.i686.rpm
    nss-softokn-3.44.0-5.el7.i686.rpm
    nss-util-devel-3.44.0-3.el7.i686.rpm
    nss-softokn-devel-3.44.0-5.el7.x86_64.rpm
    nss-3.44.0-4.el7.i686.rpm
    nspr-4.21.0-1.el7.i686.rpm
    nss-3.44.0-4.el7.x86_64.rpm
    nss-util-3.44.0-3.el7.i686.rpm
    nss-softokn-freebl-3.44.0-5.el7.x86_64.rpm
    nss-pkcs11-devel-3.44.0-4.el7.i686.rpm
    nss-pkcs11-devel-3.44.0-4.el7.x86_64.rpm
    nspr-debuginfo-4.21.0-1.el7.i686.rpm
    nspr-debuginfo-4.21.0-1.el7.x86_64.rpm
    nss-debuginfo-3.44.0-4.el7.i686.rpm
    nss-debuginfo-3.44.0-4.el7.x86_64.rpm
    nss-softokn-debuginfo-3.44.0-5.el7.i686.rpm
    nss-softokn-debuginfo-3.44.0-5.el7.x86_64.rpm
    nss-util-debuginfo-3.44.0-3.el7.i686.rpm
    nss-util-debuginfo-3.44.0-3.el7.x86_64.rpm

- Scientific Linux Development Team