Security update for mozilla-nspr, mozilla-nss
This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
mozilla-nspr to version 4.25
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Martin Sirringhaus (MSirringhaus)
Fixed bugs
bnc#1171978
VUL-0: CVE-2020-12399: mozilla-nss: Timing attack on DSA signature generation
bnc#1159819
VUL-0: CVE-2019-17006: mozilla-nss: nss: Check length of inputs for cryptographic primitives
bnc#1169746
GCC 10: mozilla-nss build fails on i586
