Overview

File _patchinfo of Package patchinfo.9288

<patchinfo incident="9288">
  <issue tracker="bnc" id="1119069">VUL-0: CVE-2018-12404: mozilla-nss: nss: Cache side-channel variant of the Bleichenbacher attack</issue>
  <issue tracker="bnc" id="1106873">VUL-0: CVE-2018-12384: mozilla-nss:  ServerHello.random is all zero when handling a v2-compatible ClientHello</issue>
  <issue tracker="cve" id="2018-12404"/>
  <issue tracker="cve" id="2018-12384"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>wrosenauer</packager>
  <description>This update for mozilla-nss to version 3.36.6 fixes the following issues:

Security issues fixed:

- CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a
  ServerHello that had an all-zero random (bmo#1483128, boo#1106873)
- CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack
  (bmo#1485864, boo#1119069)
</description>
  <summary>Security update for mozilla-nss</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places