{"id":"SUSE-SU-2020:14418-1","summary":"Security update for mozilla-nspr, mozilla-nss","details":"This update for mozilla-nspr, mozilla-nss fixes the following issues:\n\nmozilla-nss was updated to version 3.53.1\n\n- CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate\n- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032).\n- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).\n- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).\n- CVE-2019-11727: A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.\n- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).\n- Fixed an issue where Firefox tab was crashing (bsc#1170908).\n\nRelease notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes\n\nmozilla-nspr was updated to version 
4.25.\n","modified":"2026-02-04T04:34:10.795410Z","published":"2020-07-06T14:31:09Z","related":["CVE-2019-11727","CVE-2019-11745","CVE-2019-17006","CVE-2020-12399","CVE-2020-12402"],"upstream":["CVE-2019-11727","CVE-2019-11745","CVE-2019-17006","CVE-2020-12399","CVE-2020-12402"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-202014418-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141322"},{"type":"REPORT","url":"https://bugzilla.suse.com/1158527"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159819"},{"type":"REPORT","url":"https://bugzilla.suse.com/1168669"},{"type":"REPORT","url":"https://bugzilla.suse.com/1169746"},{"type":"REPORT","url":"https://bugzilla.suse.com/1170908"},{"type":"REPORT","url":"https://bugzilla.suse.com/1171978"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173032"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11727"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11745"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-17006"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12399"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-12402"}],"affected":[{"package":{"name":"mozilla-nspr","ecosystem":"SUSE:Linux Enterprise Server 11 
SP4-LTSS","purl":"pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.25-29.12.2"}]}],"ecosystem_specific":{"binaries":[{"mozilla-nspr":"4.25-29.12.2","mozilla-nss-tools":"3.53.1-38.23.1","mozilla-nss-certs":"3.53.1-38.23.1","mozilla-nss-certs-32bit":"3.53.1-38.23.1","mozilla-nss-32bit":"3.53.1-38.23.1","libsoftokn3":"3.53.1-38.23.1","libfreebl3-32bit":"3.53.1-38.23.1","mozilla-nspr-32bit":"4.25-29.12.2","libfreebl3":"3.53.1-38.23.1","mozilla-nspr-devel":"4.25-29.12.2","mozilla-nss":"3.53.1-38.23.1","libsoftokn3-32bit":"3.53.1-38.23.1","mozilla-nss-devel":"3.53.1-38.23.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:14418-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.53.1-38.23.1"}]}],"ecosystem_specific":{"binaries":[{"mozilla-nspr":"4.25-29.12.2","mozilla-nss-tools":"3.53.1-38.23.1","mozilla-nss-certs":"3.53.1-38.23.1","mozilla-nss-certs-32bit":"3.53.1-38.23.1","mozilla-nss-32bit":"3.53.1-38.23.1","libsoftokn3":"3.53.1-38.23.1","libfreebl3-32bit":"3.53.1-38.23.1","mozilla-nspr-32bit":"4.25-29.12.2","libfreebl3":"3.53.1-38.23.1","mozilla-nspr-devel":"4.25-29.12.2","mozilla-nss":"3.53.1-38.23.1","libsoftokn3-32bit":"3.53.1-38.23.1","mozilla-nss-devel":"3.53.1-38.23.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:14418-1.json"}}],"schema_version":"1.7.3"}