SUSE-RU-2019:2025-2: moderate: Recommended update for mozilla-nspr, mozilla-nss

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri Aug 16 16:13:23 MDT 2019 

   SUSE Recommended Update: Recommended update for mozilla-nspr, mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-RU-2019:2025-2
Rating:             moderate
References:         #1141322 
Affected Products:
                    SUSE Enterprise Storage 5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for mozilla-nspr, mozilla-nss fixes the following issues:

   mozilla-nss was updated to NSS 3.45 (bsc#1141322):

   * New function in pk11pub.h: PK11_FindRawCertsWithSubject
   * The following CA certificates were Removed: CN = Certinomis - Root CA
     (bmo#1552374)
   * Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403)
     This adds a new experimental function SSL_DelegateCredential Note: In
     3.45, selfserv does not yet support delegated credentials (See
     bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while
     an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that
     of the delegated credential for better policy enforcement (See
     bmo#1563078).
   * Replace ARM32 Curve25519 implementation with one from fiat-crypto
     (bmo#1550579)
   * Expose a function PK11_FindRawCertsWithSubject for finding certificates
     with a given subject on a given slot (bmo#1552262)
   * Add IPSEC IKE support to softoken (bmo#1546229)
   * Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
   * Expose an external clock for SSL (bmo#1543874) This adds new
     experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext,
     SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The
     experimental function SSL_InitAntiReplay is removed.
   * Various changes in response to the ongoing FIPS review (bmo#1546477)
     Note: The source package size has increased substantially due to the new
     FIPS test vectors. This will likely prompt follow-on work, but please
     accept our apologies in the meantime.

   mozilla-nspr was updated to version 4.21:

   * Changed prbit.h to use builtin function on aarch64.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 5:

      zypper in -t patch SUSE-Storage-5-2019-2025=1



Package List:

   - SUSE Enterprise Storage 5 (aarch64):

      libfreebl3-3.45-58.31.1
      libfreebl3-debuginfo-3.45-58.31.1
      libfreebl3-hmac-3.45-58.31.1
      libsoftokn3-3.45-58.31.1
      libsoftokn3-debuginfo-3.45-58.31.1
      libsoftokn3-hmac-3.45-58.31.1
      mozilla-nspr-4.21-19.9.1
      mozilla-nspr-debuginfo-4.21-19.9.1
      mozilla-nspr-debugsource-4.21-19.9.1
      mozilla-nss-3.45-58.31.1
      mozilla-nss-certs-3.45-58.31.1
      mozilla-nss-certs-debuginfo-3.45-58.31.1
      mozilla-nss-debuginfo-3.45-58.31.1
      mozilla-nss-debugsource-3.45-58.31.1
      mozilla-nss-sysinit-3.45-58.31.1
      mozilla-nss-sysinit-debuginfo-3.45-58.31.1
      mozilla-nss-tools-3.45-58.31.1
      mozilla-nss-tools-debuginfo-3.45-58.31.1


References:

   https://bugzilla.suse.com/1141322

More information about the sle-updates mailing list