Synopsis: Moderate: nss, nss-softokn, nss-util, and nspr security, bug
Advisory ID: SLSA-2019:2237-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-0495
CVE-2018-12404
—
Netscape Portable Runtime (NSPR) provides platform independence for non-
GUI operating system facilities.
The following packages have been upgraded to a later upstream version: nss
(3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0).
Security Fix(es):
* ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
(CVE-2018-0495)
* nss: Cache side-channel variant of the Bleichenbacher attack
(CVE-2018-12404)
—
SL7
x86_64
nss-softokn-3.44.0-5.el7.x86_64.rpm
nss-devel-3.44.0-4.el7.i686.rpm
nss-softokn-freebl-3.44.0-5.el7.i686.rpm
nspr-devel-4.21.0-1.el7.i686.rpm
nss-devel-3.44.0-4.el7.x86_64.rpm
nss-tools-3.44.0-4.el7.x86_64.rpm
nss-softokn-devel-3.44.0-5.el7.i686.rpm
nss-sysinit-3.44.0-4.el7.x86_64.rpm
nss-util-devel-3.44.0-3.el7.x86_64.rpm
nspr-4.21.0-1.el7.x86_64.rpm
nspr-devel-4.21.0-1.el7.x86_64.rpm
nss-util-3.44.0-3.el7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-5.el7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-5.el7.i686.rpm
nss-softokn-3.44.0-5.el7.i686.rpm
nss-util-devel-3.44.0-3.el7.i686.rpm
nss-softokn-devel-3.44.0-5.el7.x86_64.rpm
nss-3.44.0-4.el7.i686.rpm
nspr-4.21.0-1.el7.i686.rpm
nss-3.44.0-4.el7.x86_64.rpm
nss-util-3.44.0-3.el7.i686.rpm
nss-softokn-freebl-3.44.0-5.el7.x86_64.rpm
nss-pkcs11-devel-3.44.0-4.el7.i686.rpm
nss-pkcs11-devel-3.44.0-4.el7.x86_64.rpm
nspr-debuginfo-4.21.0-1.el7.i686.rpm
nspr-debuginfo-4.21.0-1.el7.x86_64.rpm
nss-debuginfo-3.44.0-4.el7.i686.rpm
nss-debuginfo-3.44.0-4.el7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-5.el7.i686.rpm
nss-softokn-debuginfo-3.44.0-5.el7.x86_64.rpm
nss-util-debuginfo-3.44.0-3.el7.i686.rpm
nss-util-debuginfo-3.44.0-3.el7.x86_64.rpm
– Scientific Linux Development Team
