Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE Linux Micro: 2025:20030-1 critical: mozilla-nss DoS

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
The latest security update for SUSE Linux Micro aims to fix vulnerabilities in the mozilla-nss package, specifically addressing CVE-2023-5388 to enhance system safety
* bsc#1214980 * bsc#1216198 * bsc#1222804 * bsc#1222807 * bsc#1222811

Summary

## This update for mozilla-nss fixes the following issues: * update to NSS 3.101.2 * ChaChaXor to return after the function * update to NSS 3.101.1 * missing sqlite header. * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * update to NSS 3.101 * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix

References

* bsc#1214980

* bsc#1216198

* bsc#1222804

* bsc#1222807

* bsc#1222811

* bsc#1222813

* bsc#1222814

* bsc#1222821

* bsc#1222822

* bsc#1222826

* bsc#1222828

* bsc#1222830

* bsc#1222833

* bsc#1222834

* bsc#1223724

* bsc#1224113

* bsc#1224115

* bsc#1224116

* bsc#1224118

* bsc#1227918

* jsc#PED-6358

Cross-

* CVE-2023-5388

CVSS scores:

* CVE-2023-5388 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-5388 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Products:

* SUSE Linux Micro 6.0

An update that solves one vulnerability, contains one feature and has 19 fixes

can now be installed.

##

* https://www.suse.com/security/cve/CVE-2023-5388.html

* https://bugzilla.suse.com/show_bug.cgi?id=1214980

* https://bugzilla.suse.com/show_bug.cgi?id=1216198

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20030-1
Release Date: 2025-02-03T08:51:45Z
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here