SUSE-RU-2026:1467-1: moderate: Recommended update for mozilla-nss

SLE-UPDATES null at suse.de
Mon Apr 20 16:31:03 UTC 2026 


# Recommended update for mozilla-nss

Announcement ID: SUSE-RU-2026:1467-1  
Release Date: 2026-04-20T08:10:50Z  
Rating: moderate  
References:

  
Affected Products:

  * SUSE Linux Enterprise Micro 5.2
  * SUSE Linux Enterprise Micro for Rancher 5.2

  
  
An update that can now be installed.

## Description:

This update for mozilla-nss fixes the following issues:

Update to NSS 3.112.4:

  * improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
  * Improving the allocation of S/MIME DecryptSymKey.
  * store email on subject cache_entry in NSS trust domain.
  * Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[]
    entry on NameConstraints violation.
  * Improve size calculations in CMS content buffering.
  * avoid integer overflow while escaping RFC822 Names.
  * Reject excessively large ASN.1 SEQUENCE OF in quickder.
  * Deep copy profile data in CERT_FindSMimeProfile.
  * Improve input validation in DSAU signature decoding.
  * avoid integer overflow in RSA_EMSAEncodePSS.
  * RSA_EMSAEncodePSS should validate the length of mHash.
  * Add a maximum cert uncompressed len and tests.
  * Clarify extension negotiation mechanism for TLS Handshakes.
  * ensure permittedSubtrees don't match wildcards that could be outside the
    permitted tree.
  * Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
  * Remove invalid PORT_Free().
  * free digest objects in SEC_PKCS7DecoderFinish if they haven't already been
    freed.
  * make ss->ssl3.hs.cookie an owned-copy of the cookie.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1467=1

  * SUSE Linux Enterprise Micro for Rancher 5.2  
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1467=1

## Package List:

  * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    * mozilla-nss-certs-3.112.4-150000.3.138.1
    * libfreebl3-3.112.4-150000.3.138.1
    * libfreebl3-debuginfo-3.112.4-150000.3.138.1
    * mozilla-nss-certs-debuginfo-3.112.4-150000.3.138.1
    * libsoftokn3-debuginfo-3.112.4-150000.3.138.1
    * mozilla-nss-tools-debuginfo-3.112.4-150000.3.138.1
    * mozilla-nss-3.112.4-150000.3.138.1
    * mozilla-nss-debugsource-3.112.4-150000.3.138.1
    * mozilla-nss-debuginfo-3.112.4-150000.3.138.1
    * mozilla-nss-tools-3.112.4-150000.3.138.1
    * libsoftokn3-3.112.4-150000.3.138.1
  * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    * mozilla-nss-certs-3.112.4-150000.3.138.1
    * libfreebl3-3.112.4-150000.3.138.1
    * libfreebl3-debuginfo-3.112.4-150000.3.138.1
    * mozilla-nss-certs-debuginfo-3.112.4-150000.3.138.1
    * libsoftokn3-debuginfo-3.112.4-150000.3.138.1
    * mozilla-nss-tools-debuginfo-3.112.4-150000.3.138.1
    * mozilla-nss-3.112.4-150000.3.138.1
    * mozilla-nss-debugsource-3.112.4-150000.3.138.1
    * mozilla-nss-debuginfo-3.112.4-150000.3.138.1
    * mozilla-nss-tools-3.112.4-150000.3.138.1
    * libsoftokn3-3.112.4-150000.3.138.1

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260420/e4336c2a/attachment.htm>

More information about the sle-updates mailing list