Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2020:14418-1 Important: Mozilla-Nspr, Mozilla-Nss Security Advisory

suse
Calendar Grey July 6, 2020
Dist Suse Esm H88
The latest patch addresses various vulnerabilities in mozilla-nspr and mozilla-nss for SUSE, improving overall system security.
An update that solves 5 vulnerabilities and has three fixes is now available

Summary

This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032). - CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978). - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11727: A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.

Topics%20covered

Topics Covered

security advisory buffer overflow important timing attack SUSE mozilla-nss mozilla-nspr

References

#1141322 #1158527 #1159819 #1168669 #1169746

#1170908 #1171978 #1173032

Cross- CVE-2019-11727 CVE-2019-11745 CVE-2019-17006

CVE-2020-12399 CVE-2020-12402

Affected Products:

SUSE Linux Enterprise Server 11-SP4-LTSS

https://www.suse.com/security/cve/CVE-2019-11727.html

https://www.suse.com/security/cve/CVE-2019-11745.html

https://www.suse.com/security/cve/CVE-2019-17006.html

https://www.suse.com/security/cve/CVE-2020-12399.html

https://www.suse.com/security/cve/CVE-2020-12402.html

https://bugzilla.suse.com/1141322

https://bugzilla.suse.com/1158527

https://bugzilla.suse.com/1159819

https://bugzilla.suse.com/1168669

https://bugzilla.suse.com/1169746

https://bugzilla.suse.com/1170908

https://bugzilla.suse.com/1171978

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:14418-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important timing attack SUSE mozilla-nss mozilla-nspr

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here