Overview

File _patchinfo of Package patchinfo.9387

<patchinfo incident="9387">
  <issue tracker="bnc" id="1119105">VUL-0: MozillaFirefox,MozillaThunderbird: 64.0, 60.4.0 ESR security releases</issue>
  <issue tracker="bnc" id="1097410">VUL-0: CVE-2018-0495: Novel side-channel attack "ROHNP"- Key Extraction Side Channel in Multiple Crypto Libraries</issue>
  <issue tracker="cve" id="2018-0495"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>cgrobertson</packager>
  <description>This update for mozilla-nss and mozilla-nspr fixes the following issues:

Issues fixed in mozilla-nss:

- Update to NSS 3.40.1 (bsc#1119105)
- CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)
- CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an
  SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)
- CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)
- Fixed a decryption failure during FFDHE key exchange
- Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr:

- Update mozilla-nspr to 4.20 (bsc#1119105)

This update was imported from the SUSE:SLE-15:Update update project.</description>
  <summary>Security update for mozilla-nspr and mozilla-nss</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places