
SUSE: 2022:2595-1 Important: mozilla-nss Critical Security Update

July 29, 2022
The use of Mozilla NSS in SUSE 15-SP4 raises security concerns due to potential vulnerabilities. Regular updates via zypper and audits are crucial to protect against threats.
An update that solves one vulnerability and has 6 fixes is now available.

Summary

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

- Makes the PBKDF known answer test compliant with NIST SP800-132 (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due

References

#1192079 #1192080 #1192086 #1192087 #1192228 #1198486 #1200027

Cross-References: CVE-2022-31741

CVSS scores:

CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Desktop 15-SP4

SUSE Linux Enterprise High Performance Computing 15-SP4

SUSE Linux Enterprise Module for Basesystem 15-SP4

SUSE Linux Enterprise Server 15-SP4

SUSE Linux Enterprise Server for SAP Applications 15-SP4

SUSE Manager Proxy 4.3

SUSE Manager Retail Branch Server 4.3

SUSE Manager Server 4.3

openSUSE Leap 15.4

https://www.suse.com/security/cve/CVE-2022-31741.html

https://bugzilla.suse.com/1192079

https://bugzilla.suse.com/1192080

https://bugzilla.suse.com/1192086

https://bugzilla.suse.com/1192087

https://bugzilla.suse.com/1192228

Severity: important

Announcement ID: SUSE-SU-2022:2595-1
Rating: important
