Security update for mozilla-nspr and mozilla-nss
This update for mozilla-nss and mozilla-nspr fixes the following issues:
Issues fixed in mozilla-nss:
- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an
SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code
Issues fixed in mozilla-nspr:
- Update mozilla-nspr to 4.20 (bsc#1119105)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Charles Robertson (cgrobertson)
Fixed bugs
bnc#1119105
VUL-0: MozillaFirefox,MozillaThunderbird: 64.0, 60.4.0 ESR security releases
bnc#1097410
VUL-0: CVE-2018-0495: Novel side-channel attack "ROHNP"- Key Extraction Side Channel in Multiple Crypto Libraries
