Oval Definition: oval:org.opensuse.security:def:57251
Revision Date: 2020-12-01
Version: 1
Title: Security update for Mozilla NSS
Description:



Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes:

The main feature is TLS 1.2 support and its dependent algorithms.

* Support for AES-GCM ciphersuites that use the SHA-256 PRF
* MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs
* Add PK11_CipherFinal macro
* sizeof() used incorrectly
* nssutil_ReadSecmodDB() leaks memory
* Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
* Deprecate the SSL cipher policy code
* Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739)

Changes coming with version 3.15.1:

* TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.
  o some bugfixes and improvements

Changes with version 3.15:

* New Functionality
  o Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
  o Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.
  o Support for single-operation (e.g. not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
  o certutil has been updated to support creating name constraints extensions.

Security Issue reference:

* CVE-2013-1739

Family: unix
Class: patch
Status:
Reference(s): 1006984
1006989
1014136
1015348
1022555
1026236
1027519
1028235
1029128
1029827
1030144
1030442
1037811
1069708
1071471
1073748
1076017
1079869
1083488
1085114
1085447
1091427
1094325
1094725
1097560
1097824
1099658
1100112
1103809
1103810
1104076
1104199
1106284
1109847
1110785
1113769
1120843
1120885
1122191
1131543
1131565
1132374
1132472
1134537
1134596
1134848
1135281
1135603
1136424
1136446
1136586
1136935
1137586
1138301
1138303
1167890
1168930
847708
861019
959329
977043
CVE-2012-6152
CVE-2013-1739
CVE-2013-4566
CVE-2013-6477
CVE-2013-6478
CVE-2013-6479
CVE-2013-6481
CVE-2013-6482
CVE-2013-6483
CVE-2013-6484
CVE-2013-6485
CVE-2013-6486
CVE-2013-6487
CVE-2013-6489
CVE-2013-6490
CVE-2014-0020
CVE-2014-3566
CVE-2014-3686
CVE-2015-0210
CVE-2015-1863
CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-5130
CVE-2015-5244
CVE-2015-5310
CVE-2015-8041
CVE-2016-3099
CVE-2017-13166
CVE-2017-15868
CVE-2017-16939
CVE-2017-5715
CVE-2017-6505
CVE-2017-7228
CVE-2018-1000004
CVE-2018-1068
CVE-2018-10915
CVE-2018-12470
CVE-2018-12471
CVE-2018-12472
CVE-2018-14647
CVE-2018-17972
CVE-2018-7191
CVE-2018-7566
CVE-2019-10161
CVE-2019-10167
CVE-2019-11190
CVE-2019-11477
CVE-2019-11478
CVE-2019-11479
CVE-2019-11815
CVE-2019-11833
CVE-2019-11884
CVE-2019-12382
CVE-2019-3846
CVE-2019-5010
CVE-2019-5489
CVE-2020-5260
SUSE-SU-2017:0983-1
SUSE-SU-2018:0238-1
SUSE-SU-2018:1025-1
SUSE-SU-2018:2631-1
SUSE-SU-2018:2898-1
SUSE-SU-2018:2902-1
SUSE-SU-2018:3909-1
SUSE-SU-2019:0482-1
SUSE-SU-2019:1534-1
SUSE-SU-2019:1686-1
SUSE-SU-2020:0992-1
Platform(s): openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • emacs-25.3-lp150.1 is installed
  • OR emacs-info-25.3-lp150.1 is installed
  • OR emacs-nox-25.3-lp150.1 is installed
  • OR etags-25.3-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • libtasn1-4.13-lp151.4.3 is installed
  • OR libtasn1-6-4.13-lp151.4.3 is installed
  • OR libtasn1-6-32bit-4.13-lp151.4.3 is installed
  • OR libtasn1-devel-4.13-lp151.4.3 is installed
  • OR libtasn1-devel-32bit-4.13-lp151.4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • libfreebl3-3.15.2-0.3 is installed
  • OR libfreebl3-32bit-3.15.2-0.3 is installed
  • OR mozilla-nspr-4.10.1-0.3 is installed
  • OR mozilla-nspr-32bit-4.10.1-0.3 is installed
  • OR mozilla-nss-3.15.2-0.3 is installed
  • OR mozilla-nss-32bit-3.15.2-0.3 is installed
  • OR mozilla-nss-tools-3.15.2-0.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • finch-2.6.6-0.23 is installed
  • OR libpurple-2.6.6-0.23 is installed
  • OR libpurple-lang-2.6.6-0.23 is installed
  • OR libpurple-meanwhile-2.6.6-0.23 is installed
  • OR libpurple-tcl-2.6.6-0.23 is installed
  • OR pidgin-2.6.6-0.23 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_45-default-8-2 is installed
  • OR kgraft-patch-3_12_74-60_64_45-xen-8-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_16-8-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND apache2-mod_nss-1.0.14-18 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • gpg2-2.0.24-9.3 is installed
  • OR gpg2-lang-2.0.24-9.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • libvirt-2.0.0-27.45 is installed
  • OR libvirt-client-2.0.0-27.45 is installed
  • OR libvirt-daemon-2.0.0-27.45 is installed
  • OR libvirt-daemon-config-network-2.0.0-27.45 is installed
  • OR libvirt-daemon-config-nwfilter-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-interface-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-libxl-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-lxc-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-network-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-nodedev-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-nwfilter-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-qemu-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-secret-2.0.0-27.45 is installed
  • OR libvirt-daemon-driver-storage-2.0.0-27.45 is installed
  • OR libvirt-daemon-hooks-2.0.0-27.45 is installed
  • OR libvirt-daemon-lxc-2.0.0-27.45 is installed
  • OR libvirt-daemon-qemu-2.0.0-27.45 is installed
  • OR libvirt-daemon-xen-2.0.0-27.45 is installed
  • OR libvirt-doc-2.0.0-27.45 is installed
  • OR libvirt-lock-sanlock-2.0.0-27.45 is installed
  • OR libvirt-nss-2.0.0-27.45 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • DirectFB-1.7.1-6 is installed
  • OR lib++dfb-1_7-1-1.7.1-6 is installed
  • OR libdirectfb-1_7-1-1.7.1-6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_180-94_113-default-3-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_30-3-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • perl-Mail-SpamAssassin-3.4.2-44.8 is installed
  • OR spamassassin-3.4.2-44.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libvirt-3.3.0-5.30 is installed
  • OR libvirt-admin-3.3.0-5.30 is installed
  • OR libvirt-client-3.3.0-5.30 is installed
  • OR libvirt-daemon-3.3.0-5.30 is installed
  • OR libvirt-daemon-config-network-3.3.0-5.30 is installed
  • OR libvirt-daemon-config-nwfilter-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-interface-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-libxl-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-lxc-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-network-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-nodedev-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-nwfilter-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-qemu-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-secret-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-storage-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-storage-core-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-storage-disk-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-storage-iscsi-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-storage-logical-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-storage-mpath-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-storage-rbd-3.3.0-5.30 is installed
  • OR libvirt-daemon-driver-storage-scsi-3.3.0-5.30 is installed
  • OR libvirt-daemon-hooks-3.3.0-5.30 is installed
  • OR libvirt-daemon-lxc-3.3.0-5.30 is installed
  • OR libvirt-daemon-qemu-3.3.0-5.30 is installed
  • OR libvirt-daemon-xen-3.3.0-5.30 is installed
  • OR libvirt-doc-3.3.0-5.30 is installed
  • OR libvirt-libs-3.3.0-5.30 is installed
  • OR libvirt-lock-sanlock-3.3.0-5.30 is installed
  • OR libvirt-nss-3.3.0-5.30 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND ucode-intel-20191112a-13.56 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • kernel-default-4.4.121-92.114 is installed
  • OR kernel-default-base-4.4.121-92.114 is installed
  • OR kernel-default-devel-4.4.121-92.114 is installed
  • OR kernel-default-man-4.4.121-92.114 is installed
  • OR kernel-devel-4.4.121-92.114 is installed
  • OR kernel-macros-4.4.121-92.114 is installed
  • OR kernel-source-4.4.121-92.114 is installed
  • OR kernel-syms-4.4.121-92.114 is installed
  • OR kgraft-patch-4_4_121-92_114-default-1-3.5 is installed
  • OR kgraft-patch-SLE12-SP2_Update_30-1-3.5 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • libsolv-0.6.36-2.16 is installed
  • OR libsolv-tools-0.6.36-2.16 is installed
  • OR libzypp-16.20.0-2.39 is installed
  • OR perl-solv-0.6.36-2.16 is installed
  • OR python-solv-0.6.36-2.16 is installed
  • OR zypper-1.13.51-21.26 is installed
  • OR zypper-log-1.13.51-21.26 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND couchdb-1.7.2-3.3 is installed