Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2025:3759-1 for mozilla-nss Important Patch Against Exploits

suse
Calendar Grey October 23, 2025
Dist Suse Esm H88
Critical update for SUSE Linux systems addressing important issues in mozilla-nss with significant security impacts.
* bsc#1251263 Cross-References: * CVE-2025-9187

Summary

## This update for mozilla-nss fixes the following issues: * Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-2025-3759=1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-3759=1 ## Package List:

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE package update important Mozilla NSS

References

* bsc#1251263

Cross-

* CVE-2025-9187

CVSS scores:

* CVE-2025-9187 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-9187 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-9187 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server 12 SP5 LTSS

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2025-9187.html

* https://bugzilla.suse.com/show_bug.cgi?id=1251263

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:3759-1
Release Date: 2025-10-23T14:00:36Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE package update important Mozilla NSS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here