
SUSE: 2022:2536-1 Moderate: Mozilla-Nspr and Mozilla-Nss Security Patch

July 22, 2022
An update for mozilla-nspr and mozilla-nss that solves one vulnerability and has 11 fixes is now available.

Summary

This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to fix various issues:

FIPS 140-3 enablement patches were backported from SUSE Linux Enterprise 15.

- FIPS: add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).

Version update to NSS 3.79

- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.

References

#1191546 #1192079 #1192080 #1192086 #1192087

#1192228 #1193170 #1195040 #1198486 #1198980

#1200325 #1201298

Cross-references: CVE-2021-43527

CVSS scores:

CVE-2021-43527 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-43527 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server for SAP 12-SP4

SUSE Linux Enterprise Server for SAP Applications 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud Crowbar 9

https://www.suse.com/security/cve/CVE-2021-43527.html

https://b...


Announcement ID: SUSE-SU-2022:2536-1
Rating: moderate
