Security update for mozilla-nss SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0183-1 Final 1 1 2019-03-23T10:59:34Z current 2019-03-23T10:59:34Z 2019-03-23T10:59:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mozilla-nss This update for mozilla-nss fixes the following issues: Security issues fixed: - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: - Update to mozilla-nss 3.41.1 This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-183 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/55UMHGS7YZ5AZ4K7HNYIQ73VCFF6QA4L/#55UMHGS7YZ5AZ4K7HNYIQ73VCFF6QA4L E-Mail link for openSUSE-SU-2019:0183-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1119069 SUSE Bug 1119069 https://www.suse.com/security/cve/CVE-2018-12404/ SUSE CVE CVE-2018-12404 page openSUSE Leap 15.0 libfreebl3-3.41.1-lp150.2.16.1 libfreebl3-32bit-3.41.1-lp150.2.16.1 libfreebl3-hmac-3.41.1-lp150.2.16.1 libfreebl3-hmac-32bit-3.41.1-lp150.2.16.1 libsoftokn3-3.41.1-lp150.2.16.1 libsoftokn3-32bit-3.41.1-lp150.2.16.1 libsoftokn3-hmac-3.41.1-lp150.2.16.1 libsoftokn3-hmac-32bit-3.41.1-lp150.2.16.1 mozilla-nss-3.41.1-lp150.2.16.1 mozilla-nss-32bit-3.41.1-lp150.2.16.1 mozilla-nss-certs-3.41.1-lp150.2.16.1 mozilla-nss-certs-32bit-3.41.1-lp150.2.16.1 mozilla-nss-devel-3.41.1-lp150.2.16.1 mozilla-nss-sysinit-3.41.1-lp150.2.16.1 mozilla-nss-sysinit-32bit-3.41.1-lp150.2.16.1 mozilla-nss-tools-3.41.1-lp150.2.16.1 libfreebl3-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 libfreebl3-32bit-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 libfreebl3-hmac-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 libfreebl3-hmac-32bit-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 libsoftokn3-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 libsoftokn3-32bit-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 libsoftokn3-hmac-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 libsoftokn3-hmac-32bit-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 mozilla-nss-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 mozilla-nss-32bit-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 mozilla-nss-certs-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 mozilla-nss-certs-32bit-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 mozilla-nss-devel-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 mozilla-nss-sysinit-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 mozilla-nss-sysinit-32bit-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 mozilla-nss-tools-3.41.1-lp150.2.16.1 as a component of openSUSE Leap 15.0 A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. CVE-2018-12404 openSUSE Leap 15.0:libfreebl3-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:libfreebl3-32bit-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:libfreebl3-hmac-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:libfreebl3-hmac-32bit-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:libsoftokn3-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:libsoftokn3-32bit-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:libsoftokn3-hmac-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:libsoftokn3-hmac-32bit-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:mozilla-nss-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:mozilla-nss-32bit-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:mozilla-nss-certs-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:mozilla-nss-certs-32bit-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:mozilla-nss-devel-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:mozilla-nss-sysinit-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:mozilla-nss-sysinit-32bit-3.41.1-lp150.2.16.1 openSUSE Leap 15.0:mozilla-nss-tools-3.41.1-lp150.2.16.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/55UMHGS7YZ5AZ4K7HNYIQ73VCFF6QA4L/#55UMHGS7YZ5AZ4K7HNYIQ73VCFF6QA4L https://www.suse.com/security/cve/CVE-2018-12404.html CVE-2018-12404 https://bugzilla.suse.com/1119069 SUSE Bug 1119069 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 https://bugzilla.suse.com/1121207 SUSE Bug 1121207