SUSE-SU-2024:2600-1: moderate: Security update for mozilla-nss
SLE-UPDATES
null at suse.de
Tue Jul 23 08:30:20 UTC 2024
# Security update for mozilla-nss
Announcement ID: SUSE-SU-2024:2600-1
Rating: moderate
References:
* bsc#1214980
* bsc#1222804
* bsc#1222807
* bsc#1222811
* bsc#1222813
* bsc#1222814
* bsc#1222821
* bsc#1222822
* bsc#1222826
* bsc#1222828
* bsc#1222830
* bsc#1222833
* bsc#1222834
* bsc#1224113
* bsc#1224115
* bsc#1224116
* bsc#1224118
Cross-References:
* CVE-2023-5388
CVSS scores:
* CVE-2023-5388 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves one vulnerability and has 16 security fixes can now be
installed.
## Description:
This update for mozilla-nss fixes the following issues:
* FIPS: Added more safe memset (bsc#1222811).
* FIPS: Adjusted AES GCM restrictions (bsc#1222830).
* FIPS: Adjusted approved ciphers (bsc#1222813, bsc#1222814, bsc#1222821,
bsc#1222822, bsc#1224118, bsc#1222807, bsc#1222828, bsc#1222834,
bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115,
bsc#1224116).
Update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer +
Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* * Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with
configfile.
* Switch to the mozillareleases/image_builder image
* switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that
depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was
advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach`
in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate
compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time
execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF
A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER
wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_
variants
* NSS needs a database tool that can dump the low level representation of the
database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in "certutil dump keys with explicit default trust flags"
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2600=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2600=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2600=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2600=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2600=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2600=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2600=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-2600=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2600=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2600=1
## Package List:
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-devel-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* mozilla-nss-certs-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-3.101.1-150000.3.117.1
* mozilla-nss-32bit-3.101.1-150000.3.117.1
* libfreebl3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-32bit-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-devel-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* mozilla-nss-sysinit-32bit-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-3.101.1-150000.3.117.1
* mozilla-nss-32bit-3.101.1-150000.3.117.1
* libfreebl3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-32bit-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-devel-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* mozilla-nss-certs-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-3.101.1-150000.3.117.1
* mozilla-nss-32bit-3.101.1-150000.3.117.1
* libfreebl3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-32bit-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-devel-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* mozilla-nss-sysinit-32bit-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-3.101.1-150000.3.117.1
* mozilla-nss-32bit-3.101.1-150000.3.117.1
* libfreebl3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-32bit-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-devel-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* mozilla-nss-certs-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-3.101.1-150000.3.117.1
* mozilla-nss-32bit-3.101.1-150000.3.117.1
* libfreebl3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-32bit-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-devel-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* mozilla-nss-sysinit-32bit-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-3.101.1-150000.3.117.1
* mozilla-nss-32bit-3.101.1-150000.3.117.1
* libfreebl3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-32bit-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-debuginfo-3.101.1-150000.3.117.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-devel-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Enterprise Storage 7.1 (x86_64)
* mozilla-nss-sysinit-32bit-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-3.101.1-150000.3.117.1
* mozilla-nss-32bit-3.101.1-150000.3.117.1
* libfreebl3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-32bit-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-32bit-3.101.1-150000.3.117.1
* libsoftokn3-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-sysinit-32bit-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-certs-32bit-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libfreebl3-3.101.1-150000.3.117.1
* libsoftokn3-3.101.1-150000.3.117.1
* mozilla-nss-certs-3.101.1-150000.3.117.1
* mozilla-nss-debugsource-3.101.1-150000.3.117.1
* mozilla-nss-tools-3.101.1-150000.3.117.1
* mozilla-nss-certs-debuginfo-3.101.1-150000.3.117.1
* libfreebl3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-tools-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-3.101.1-150000.3.117.1
* libsoftokn3-debuginfo-3.101.1-150000.3.117.1
* mozilla-nss-debuginfo-3.101.1-150000.3.117.1
## References:
* https://www.suse.com/security/cve/CVE-2023-5388.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214980
* https://bugzilla.suse.com/show_bug.cgi?id=1222804
* https://bugzilla.suse.com/show_bug.cgi?id=1222807
* https://bugzilla.suse.com/show_bug.cgi?id=1222811
* https://bugzilla.suse.com/show_bug.cgi?id=1222813
* https://bugzilla.suse.com/show_bug.cgi?id=1222814
* https://bugzilla.suse.com/show_bug.cgi?id=1222821
* https://bugzilla.suse.com/show_bug.cgi?id=1222822
* https://bugzilla.suse.com/show_bug.cgi?id=1222826
* https://bugzilla.suse.com/show_bug.cgi?id=1222828
* https://bugzilla.suse.com/show_bug.cgi?id=1222830
* https://bugzilla.suse.com/show_bug.cgi?id=1222833
* https://bugzilla.suse.com/show_bug.cgi?id=1222834
* https://bugzilla.suse.com/show_bug.cgi?id=1224113
* https://bugzilla.suse.com/show_bug.cgi?id=1224115
* https://bugzilla.suse.com/show_bug.cgi?id=1224116
* https://bugzilla.suse.com/show_bug.cgi?id=1224118
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240723/d627749c/attachment.htm>
More information about the sle-updates
mailing list