SUSE-SU-2025:20030-1
Vulnerability from csaf_suse - Published: 2025-02-03 08:51 - Updated: 2025-02-03 08:51Summary
Security update for mozilla-nss
Severity
Critical
Notes
Title of the patch: Security update for mozilla-nss
Description of the patch: This update for mozilla-nss fixes the following issues:
- update to NSS 3.101.2
- ChaChaXor to return after the function
- update to NSS 3.101.1
- missing sqlite header.
- GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
- update to NSS 3.101
- add diagnostic assertions for SFTKObject refcount.
- freeing the slot in DeleteCertAndKey if authentication failed
- fix formatting issues.
- Add Firmaprofesional CA Root-A Web to NSS.
- remove invalid acvp fuzz test vectors.
- pad short P-384 and P-521 signatures gtests.
- remove unused FreeBL ECC code.
- pad short P-384 and P-521 signatures.
- be less strict about ECDSA private key length.
- Integrate HACL* P-521.
- Integrate HACL* P-384.
- memory leak in create_objects_from_handles.
- ensure all input is consumed in a few places in mozilla::pkix
- SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
- clean up escape handling
- Use lib::pkix as default validator instead of the old-one
- Need to add high level support for PQ signing.
- Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
- SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
- Allow for non-full length ecdsa signature when using softoken
- Modification of .taskcluster.yml due to mozlint indent defects
- Implement support for PBMAC1 in PKCS#12
- disable VLA warnings for fuzz builds.
- remove redundant AllocItem implementation.
- add PK11_ReadDistrustAfterAttribute.
- Clang-formatting of SEC_GetMgfTypeByOidTag update
- Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
- sftk_getParameters(): Fix fallback to default variable after error with configfile.
- Switch to the mozillareleases/image_builder image
- update to NSS 3.100
- merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
- remove ckcapi.
- avoid a potential PK11GenericObject memory leak.
- Remove incomplete ESDH code.
- Decrypt RSA OAEP encrypted messages.
- Fix certutil CRLDP URI code.
- Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
- Add ability to encrypt and decrypt CMS messages using ECDH.
- Correct Templates for key agreement in smime/cmsasn.c.
- Moving the decodedCert allocation to NSS.
- Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
- update to NSS 3.99
- Removing check for message len in ed25519
- add ed25519 to SECU_ecName2params.
- add EdDSA wycheproof tests.
- nss/lib layer code for EDDSA.
- Adding EdDSA implementation.
- Exporting Certificate Compression types
- Updating ACVP docker to rust 1.74
- Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552
- Add NSS_CMSRecipient_IsSupported.
- update to NSS 3.98
- CVE-2023-5388: Timing attack against RSA decryption in TLS
- Certificate Compression: enabling the check that the compression was advertised
- Move Windows workers to nss-1/b-win2022-alpha
- Remove Email trust bit from OISTE WISeKey Global Root GC CA
- Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
- Certificate Compression: Updating nss_bogo_shim to support Certificate compression
- TLS Certificate Compression (RFC 8879) Implementation
- Add valgrind annotations to freebl kyber operations for constant-time execution tests
- Set nssckbi version number to 2.66
- Add Telekom Security roots
- Add D-Trust 2022 S/MIME roots
- Remove expired Security Communication RootCA1 root
- move keys to a slot that supports concatenation in PK11_ConcatSymKeys
- remove unmaintained tls-interop tests
- bogo: add support for the -ipv6 and -shim-id shim flags
- bogo: add support for the -curves shim flag and update Kyber expectations
- bogo: adjust expectation for a key usage bit test
- mozpkix: add option to ignore invalid subject alternative names
- Fix selfserv not stripping `publicname:` from -X value
- take ownership of ecckilla shims
- add valgrind annotations to freebl/ec.c
- PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
- Update zlib to 1.3.1
- update to NSS 3.97
- make Xyber768d00 opt-in by policy
- add libssl support for xyber768d00
- add PK11_ConcatSymKeys
- add Kyber and a PKCS#11 KEM interface to softoken
- add a FreeBL API for Kyber
- part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
- part 1: add a script for vendoring kyber from pq-crystals repo
- Removing the calls to RSA Blind from loader.*
- fix worker type for level3 mac tasks
- RSA Blind implementation
- Remove DSA selftests
- read KWP testvectors from JSON
- Backed out changeset dcb174139e4f
- Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
- Wrap CC shell commands in gyp expansions
- update to NSS 3.96.1
- Use pypi dependencies for MacOS worker in ./build_gyp.sh
- p7sign: add -a hash and -u certusage (also p7verify cleanups)
- add a defensive check for large ssl_DefSend return values
- Add dependency to the taskcluster script for Darwin
- Upgrade version of the MacOS worker for the CI
- update to NSS 3.95
- Bump builtins version number.
- Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
- Remove 4 DigiCert (Symantec/Verisign) Root Certificates
- Remove 3 TrustCor Root Certificates from NSS.
- Remove Camerfirma root certificates from NSS.
- Remove old Autoridad de Certificacion Firmaprofesional Certificate.
- Add four Commscope root certificates to NSS.
- Add TrustAsia Global Root CA G3 and G4 root certificates.
- Include P-384 and P-521 Scalar Validation from HACL*
- Include P-256 Scalar Validation from HACL*.
- After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
- Add means to provide library parameters to C_Initialize
- clang format
- add OSXSAVE and XCR0 tests to AVX2 detection.
- Typo in ssl3_AppendHandshakeNumber
- Introducing input check of ssl3_AppendHandshakeNumber
- Fix Invalid casts in instance.c
- update to NSS 3.94
- Updated code and commit ID for HACL*
- update ACVP fuzzed test vector: refuzzed with current NSS
- Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
- NSS needs a database tool that can dump the low level representation of the database
- declare string literals using char in pkixnames_tests.cpp
- avoid implicit conversion for ByteString
- update rust version for acvp docker
- Moving the init function of the mpi_ints before clean-up in ec.c
- P-256 ECDH and ECDSA from HACL*
- Add ACVP test vectors to the repository
- Stop relying on std::basic_string<uint8_t>
- Transpose the PPC_ABI check from Makefile to gyp
- Update to NSS 3.93:
- Update zlib in NSS to 1.3.
- softoken: iterate hashUpdate calls for long inputs.
- regenerate NameConstraints test certificates (bsc#1214980).
- update to NSS 3.92
- Set nssckbi version number to 2.62
- Add 4 Atos TrustedRoot Root CA certificates to NSS
- Add 4 SSL.com Root CA certificates
- Add Sectigo E46 and R46 Root CA certificates
- Add LAWtrust Root CA2 (4096)
- Remove E-Tugra Certification Authority root
- Remove Camerfirma Chambers of Commerce Root.
- Remove Hongkong Post Root CA 1
- Remove E-Tugra Global Root CA ECC v3 and RSA v3
- Avoid redefining BYTE_ORDER on hppa Linux
- update to NSS 3.91
- Implementation of the HW support check for ADX instruction
- Removing the support of Curve25519
- Fix comment about the addition of ticketSupportsEarlyData
- Adding args to enable-legacy-db build
- dbtests.sh failure in "certutil dump keys with explicit default trust flags"
- Initialize flags in slot structures
- Improve the length check of RSA input to avoid heap overflow
- Followup Fixes
- avoid processing unexpected inputs by checking for m_exptmod base sign
- add a limit check on order_k to avoid infinite loop
- Update HACL* to commit 5f6051d2
- add SHA3 to cryptohi and softoken
- HACL SHA3
- Disabling ASM C25519 for A but X86_64
- update to NSS 3.90.3
- GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
- clean up escape handling.
- remove redundant AllocItem implementation.
- Disable ASM support for Curve25519.
- Disable ASM support for Curve25519 for all but X86_64.
Patchnames: SUSE-SLE-Micro-6.0-59
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mozilla-nss",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mozilla-nss fixes the following issues:\n\n- update to NSS 3.101.2\n - ChaChaXor to return after the function\n\n- update to NSS 3.101.1 \n - missing sqlite header.\n - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.\n\n- update to NSS 3.101\n - add diagnostic assertions for SFTKObject refcount.\n - freeing the slot in DeleteCertAndKey if authentication failed\n - fix formatting issues.\n - Add Firmaprofesional CA Root-A Web to NSS.\n - remove invalid acvp fuzz test vectors.\n - pad short P-384 and P-521 signatures gtests.\n - remove unused FreeBL ECC code.\n - pad short P-384 and P-521 signatures.\n - be less strict about ECDSA private key length.\n - Integrate HACL* P-521.\n - Integrate HACL* P-384.\n - memory leak in create_objects_from_handles.\n - ensure all input is consumed in a few places in mozilla::pkix\n - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy\n - clean up escape handling\n - Use lib::pkix as default validator instead of the old-one\n - Need to add high level support for PQ signing.\n - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation\n - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy\n - Allow for non-full length ecdsa signature when using softoken\n - Modification of .taskcluster.yml due to mozlint indent defects\n - Implement support for PBMAC1 in PKCS#12\n - disable VLA warnings for fuzz builds.\n - remove redundant AllocItem implementation.\n - add PK11_ReadDistrustAfterAttribute.\n - Clang-formatting of SEC_GetMgfTypeByOidTag update\n - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure\n - sftk_getParameters(): Fix fallback to default variable after error with configfile.\n - Switch to the mozillareleases/image_builder image\n\n- update to NSS 3.100\n - merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.\n - remove ckcapi.\n - avoid a potential PK11GenericObject memory leak.\n - Remove incomplete ESDH code.\n - Decrypt RSA OAEP encrypted messages.\n - Fix certutil CRLDP URI code.\n - Don\u0027t set CKA_DERIVE for CKK_EC_EDWARDS private keys.\n - Add ability to encrypt and decrypt CMS messages using ECDH.\n - Correct Templates for key agreement in smime/cmsasn.c.\n - Moving the decodedCert allocation to NSS.\n - Allow developers to speed up repeated local execution of NSS tests that depend on certificates.\n\n- update to NSS 3.99\n - Removing check for message len in ed25519\n - add ed25519 to SECU_ecName2params.\n - add EdDSA wycheproof tests.\n - nss/lib layer code for EDDSA.\n - Adding EdDSA implementation.\n - Exporting Certificate Compression types\n - Updating ACVP docker to rust 1.74\n - Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552\n - Add NSS_CMSRecipient_IsSupported.\n\n- update to NSS 3.98\n - CVE-2023-5388: Timing attack against RSA decryption in TLS\n - Certificate Compression: enabling the check that the compression was advertised\n - Move Windows workers to nss-1/b-win2022-alpha\n - Remove Email trust bit from OISTE WISeKey Global Root GC CA\n - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`\n - Certificate Compression: Updating nss_bogo_shim to support Certificate compression\n - TLS Certificate Compression (RFC 8879) Implementation\n - Add valgrind annotations to freebl kyber operations for constant-time execution tests\n - Set nssckbi version number to 2.66\n - Add Telekom Security roots\n - Add D-Trust 2022 S/MIME roots\n - Remove expired Security Communication RootCA1 root\n - move keys to a slot that supports concatenation in PK11_ConcatSymKeys\n - remove unmaintained tls-interop tests\n - bogo: add support for the -ipv6 and -shim-id shim flags\n - bogo: add support for the -curves shim flag and update Kyber expectations\n - bogo: adjust expectation for a key usage bit test\n - mozpkix: add option to ignore invalid subject alternative names\n - Fix selfserv not stripping `publicname:` from -X value\n - take ownership of ecckilla shims\n - add valgrind annotations to freebl/ec.c\n - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip\n - Update zlib to 1.3.1\n\n- update to NSS 3.97\n - make Xyber768d00 opt-in by policy\n - add libssl support for xyber768d00\n - add PK11_ConcatSymKeys\n - add Kyber and a PKCS#11 KEM interface to softoken\n - add a FreeBL API for Kyber\n - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff\n - part 1: add a script for vendoring kyber from pq-crystals repo\n - Removing the calls to RSA Blind from loader.*\n - fix worker type for level3 mac tasks\n - RSA Blind implementation\n - Remove DSA selftests\n - read KWP testvectors from JSON\n - Backed out changeset dcb174139e4f\n - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation\n - Wrap CC shell commands in gyp expansions\n\n- update to NSS 3.96.1\n - Use pypi dependencies for MacOS worker in ./build_gyp.sh\n - p7sign: add -a hash and -u certusage (also p7verify cleanups)\n - add a defensive check for large ssl_DefSend return values\n - Add dependency to the taskcluster script for Darwin\n - Upgrade version of the MacOS worker for the CI\n\n- update to NSS 3.95\n - Bump builtins version number.\n - Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.\n - Remove 4 DigiCert (Symantec/Verisign) Root Certificates\n - Remove 3 TrustCor Root Certificates from NSS.\n - Remove Camerfirma root certificates from NSS.\n - Remove old Autoridad de Certificacion Firmaprofesional Certificate.\n - Add four Commscope root certificates to NSS.\n - Add TrustAsia Global Root CA G3 and G4 root certificates.\n - Include P-384 and P-521 Scalar Validation from HACL*\n - Include P-256 Scalar Validation from HACL*.\n - After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level\n - Add means to provide library parameters to C_Initialize\n - clang format\n - add OSXSAVE and XCR0 tests to AVX2 detection.\n - Typo in ssl3_AppendHandshakeNumber\n - Introducing input check of ssl3_AppendHandshakeNumber\n - Fix Invalid casts in instance.c\n\n- update to NSS 3.94\n - Updated code and commit ID for HACL*\n - update ACVP fuzzed test vector: refuzzed with current NSS\n - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants\n - NSS needs a database tool that can dump the low level representation of the database\n - declare string literals using char in pkixnames_tests.cpp\n - avoid implicit conversion for ByteString\n - update rust version for acvp docker\n - Moving the init function of the mpi_ints before clean-up in ec.c\n - P-256 ECDH and ECDSA from HACL*\n - Add ACVP test vectors to the repository\n - Stop relying on std::basic_string\u003cuint8_t\u003e\n - Transpose the PPC_ABI check from Makefile to gyp\n\n- Update to NSS 3.93:\n - Update zlib in NSS to 1.3.\n - softoken: iterate hashUpdate calls for long inputs.\n - regenerate NameConstraints test certificates (bsc#1214980).\n\n- update to NSS 3.92\n - Set nssckbi version number to 2.62\n - Add 4 Atos TrustedRoot Root CA certificates to NSS\n - Add 4 SSL.com Root CA certificates\n - Add Sectigo E46 and R46 Root CA certificates\n - Add LAWtrust Root CA2 (4096)\n - Remove E-Tugra Certification Authority root\n - Remove Camerfirma Chambers of Commerce Root.\n - Remove Hongkong Post Root CA 1\n - Remove E-Tugra Global Root CA ECC v3 and RSA v3\n - Avoid redefining BYTE_ORDER on hppa Linux\n\n- update to NSS 3.91\n - Implementation of the HW support check for ADX instruction\n - Removing the support of Curve25519\n - Fix comment about the addition of ticketSupportsEarlyData\n - Adding args to enable-legacy-db build\n - dbtests.sh failure in \"certutil dump keys with explicit default trust flags\"\n - Initialize flags in slot structures\n - Improve the length check of RSA input to avoid heap overflow\n - Followup Fixes\n - avoid processing unexpected inputs by checking for m_exptmod base sign\n - add a limit check on order_k to avoid infinite loop\n - Update HACL* to commit 5f6051d2\n - add SHA3 to cryptohi and softoken\n - HACL SHA3\n - Disabling ASM C25519 for A but X86_64\n\n- update to NSS 3.90.3\n - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.\n - clean up escape handling.\n - remove redundant AllocItem implementation.\n - Disable ASM support for Curve25519.\n - Disable ASM support for Curve25519 for all but X86_64. \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-59",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20030-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20030-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520030-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20030-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021346.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214980",
"url": "https://bugzilla.suse.com/1214980"
},
{
"category": "self",
"summary": "SUSE Bug 1216198",
"url": "https://bugzilla.suse.com/1216198"
},
{
"category": "self",
"summary": "SUSE Bug 1222804",
"url": "https://bugzilla.suse.com/1222804"
},
{
"category": "self",
"summary": "SUSE Bug 1222807",
"url": "https://bugzilla.suse.com/1222807"
},
{
"category": "self",
"summary": "SUSE Bug 1222811",
"url": "https://bugzilla.suse.com/1222811"
},
{
"category": "self",
"summary": "SUSE Bug 1222813",
"url": "https://bugzilla.suse.com/1222813"
},
{
"category": "self",
"summary": "SUSE Bug 1222814",
"url": "https://bugzilla.suse.com/1222814"
},
{
"category": "self",
"summary": "SUSE Bug 1222821",
"url": "https://bugzilla.suse.com/1222821"
},
{
"category": "self",
"summary": "SUSE Bug 1222822",
"url": "https://bugzilla.suse.com/1222822"
},
{
"category": "self",
"summary": "SUSE Bug 1222826",
"url": "https://bugzilla.suse.com/1222826"
},
{
"category": "self",
"summary": "SUSE Bug 1222828",
"url": "https://bugzilla.suse.com/1222828"
},
{
"category": "self",
"summary": "SUSE Bug 1222830",
"url": "https://bugzilla.suse.com/1222830"
},
{
"category": "self",
"summary": "SUSE Bug 1222833",
"url": "https://bugzilla.suse.com/1222833"
},
{
"category": "self",
"summary": "SUSE Bug 1222834",
"url": "https://bugzilla.suse.com/1222834"
},
{
"category": "self",
"summary": "SUSE Bug 1223724",
"url": "https://bugzilla.suse.com/1223724"
},
{
"category": "self",
"summary": "SUSE Bug 1224113",
"url": "https://bugzilla.suse.com/1224113"
},
{
"category": "self",
"summary": "SUSE Bug 1224115",
"url": "https://bugzilla.suse.com/1224115"
},
{
"category": "self",
"summary": "SUSE Bug 1224116",
"url": "https://bugzilla.suse.com/1224116"
},
{
"category": "self",
"summary": "SUSE Bug 1224118",
"url": "https://bugzilla.suse.com/1224118"
},
{
"category": "self",
"summary": "SUSE Bug 1227918",
"url": "https://bugzilla.suse.com/1227918"
},
{
"category": "self",
"summary": "SUSE Bug 1325335",
"url": "https://bugzilla.suse.com/1325335"
},
{
"category": "self",
"summary": "SUSE Bug 1548723",
"url": "https://bugzilla.suse.com/1548723"
},
{
"category": "self",
"summary": "SUSE Bug 1573097",
"url": "https://bugzilla.suse.com/1573097"
},
{
"category": "self",
"summary": "SUSE Bug 1615555",
"url": "https://bugzilla.suse.com/1615555"
},
{
"category": "self",
"summary": "SUSE Bug 1748105",
"url": "https://bugzilla.suse.com/1748105"
},
{
"category": "self",
"summary": "SUSE Bug 1753026",
"url": "https://bugzilla.suse.com/1753026"
},
{
"category": "self",
"summary": "SUSE Bug 1757758",
"url": "https://bugzilla.suse.com/1757758"
},
{
"category": "self",
"summary": "SUSE Bug 1774659",
"url": "https://bugzilla.suse.com/1774659"
},
{
"category": "self",
"summary": "SUSE Bug 1775046",
"url": "https://bugzilla.suse.com/1775046"
},
{
"category": "self",
"summary": "SUSE Bug 1780432",
"url": "https://bugzilla.suse.com/1780432"
},
{
"category": "self",
"summary": "SUSE Bug 1784253",
"url": "https://bugzilla.suse.com/1784253"
},
{
"category": "self",
"summary": "SUSE Bug 1793811",
"url": "https://bugzilla.suse.com/1793811"
},
{
"category": "self",
"summary": "SUSE Bug 1813401",
"url": "https://bugzilla.suse.com/1813401"
},
{
"category": "self",
"summary": "SUSE Bug 1818766",
"url": "https://bugzilla.suse.com/1818766"
},
{
"category": "self",
"summary": "SUSE Bug 1822450",
"url": "https://bugzilla.suse.com/1822450"
},
{
"category": "self",
"summary": "SUSE Bug 1822935",
"url": "https://bugzilla.suse.com/1822935"
},
{
"category": "self",
"summary": "SUSE Bug 1822936",
"url": "https://bugzilla.suse.com/1822936"
},
{
"category": "self",
"summary": "SUSE Bug 1826451",
"url": "https://bugzilla.suse.com/1826451"
},
{
"category": "self",
"summary": "SUSE Bug 1826652",
"url": "https://bugzilla.suse.com/1826652"
},
{
"category": "self",
"summary": "SUSE Bug 1827224",
"url": "https://bugzilla.suse.com/1827224"
},
{
"category": "self",
"summary": "SUSE Bug 1827303",
"url": "https://bugzilla.suse.com/1827303"
},
{
"category": "self",
"summary": "SUSE Bug 1827444",
"url": "https://bugzilla.suse.com/1827444"
},
{
"category": "self",
"summary": "SUSE Bug 1829112",
"url": "https://bugzilla.suse.com/1829112"
},
{
"category": "self",
"summary": "SUSE Bug 1830415",
"url": "https://bugzilla.suse.com/1830415"
},
{
"category": "self",
"summary": "SUSE Bug 1830978",
"url": "https://bugzilla.suse.com/1830978"
},
{
"category": "self",
"summary": "SUSE Bug 1831552",
"url": "https://bugzilla.suse.com/1831552"
},
{
"category": "self",
"summary": "SUSE Bug 1833270",
"url": "https://bugzilla.suse.com/1833270"
},
{
"category": "self",
"summary": "SUSE Bug 1834851",
"url": "https://bugzilla.suse.com/1834851"
},
{
"category": "self",
"summary": "SUSE Bug 1835357",
"url": "https://bugzilla.suse.com/1835357"
},
{
"category": "self",
"summary": "SUSE Bug 1835425",
"url": "https://bugzilla.suse.com/1835425"
},
{
"category": "self",
"summary": "SUSE Bug 1835828",
"url": "https://bugzilla.suse.com/1835828"
},
{
"category": "self",
"summary": "SUSE Bug 1836781",
"url": "https://bugzilla.suse.com/1836781"
},
{
"category": "self",
"summary": "SUSE Bug 1836925",
"url": "https://bugzilla.suse.com/1836925"
},
{
"category": "self",
"summary": "SUSE Bug 1837431",
"url": "https://bugzilla.suse.com/1837431"
},
{
"category": "self",
"summary": "SUSE Bug 1837617",
"url": "https://bugzilla.suse.com/1837617"
},
{
"category": "self",
"summary": "SUSE Bug 1837987",
"url": "https://bugzilla.suse.com/1837987"
},
{
"category": "self",
"summary": "SUSE Bug 1839327",
"url": "https://bugzilla.suse.com/1839327"
},
{
"category": "self",
"summary": "SUSE Bug 1839795",
"url": "https://bugzilla.suse.com/1839795"
},
{
"category": "self",
"summary": "SUSE Bug 1839992",
"url": "https://bugzilla.suse.com/1839992"
},
{
"category": "self",
"summary": "SUSE Bug 1840429",
"url": "https://bugzilla.suse.com/1840429"
},
{
"category": "self",
"summary": "SUSE Bug 1840437",
"url": "https://bugzilla.suse.com/1840437"
},
{
"category": "self",
"summary": "SUSE Bug 1840505",
"url": "https://bugzilla.suse.com/1840505"
},
{
"category": "self",
"summary": "SUSE Bug 1840510",
"url": "https://bugzilla.suse.com/1840510"
},
{
"category": "self",
"summary": "SUSE Bug 1841029",
"url": "https://bugzilla.suse.com/1841029"
},
{
"category": "self",
"summary": "SUSE Bug 1842928",
"url": "https://bugzilla.suse.com/1842928"
},
{
"category": "self",
"summary": "SUSE Bug 1842932",
"url": "https://bugzilla.suse.com/1842932"
},
{
"category": "self",
"summary": "SUSE Bug 1842935",
"url": "https://bugzilla.suse.com/1842935"
},
{
"category": "self",
"summary": "SUSE Bug 1842937",
"url": "https://bugzilla.suse.com/1842937"
},
{
"category": "self",
"summary": "SUSE Bug 1847845",
"url": "https://bugzilla.suse.com/1847845"
},
{
"category": "self",
"summary": "SUSE Bug 1848183",
"url": "https://bugzilla.suse.com/1848183"
},
{
"category": "self",
"summary": "SUSE Bug 1849077",
"url": "https://bugzilla.suse.com/1849077"
},
{
"category": "self",
"summary": "SUSE Bug 1849471",
"url": "https://bugzilla.suse.com/1849471"
},
{
"category": "self",
"summary": "SUSE Bug 1850598",
"url": "https://bugzilla.suse.com/1850598"
},
{
"category": "self",
"summary": "SUSE Bug 1850982",
"url": "https://bugzilla.suse.com/1850982"
},
{
"category": "self",
"summary": "SUSE Bug 1851044",
"url": "https://bugzilla.suse.com/1851044"
},
{
"category": "self",
"summary": "SUSE Bug 1851049",
"url": "https://bugzilla.suse.com/1851049"
},
{
"category": "self",
"summary": "SUSE Bug 1852011",
"url": "https://bugzilla.suse.com/1852011"
},
{
"category": "self",
"summary": "SUSE Bug 1852179",
"url": "https://bugzilla.suse.com/1852179"
},
{
"category": "self",
"summary": "SUSE Bug 1853737",
"url": "https://bugzilla.suse.com/1853737"
},
{
"category": "self",
"summary": "SUSE Bug 1854438",
"url": "https://bugzilla.suse.com/1854438"
},
{
"category": "self",
"summary": "SUSE Bug 1854439",
"url": "https://bugzilla.suse.com/1854439"
},
{
"category": "self",
"summary": "SUSE Bug 1854795",
"url": "https://bugzilla.suse.com/1854795"
},
{
"category": "self",
"summary": "SUSE Bug 1855318",
"url": "https://bugzilla.suse.com/1855318"
},
{
"category": "self",
"summary": "SUSE Bug 1858241",
"url": "https://bugzilla.suse.com/1858241"
},
{
"category": "self",
"summary": "SUSE Bug 1860670",
"url": "https://bugzilla.suse.com/1860670"
},
{
"category": "self",
"summary": "SUSE Bug 1861265",
"url": "https://bugzilla.suse.com/1861265"
},
{
"category": "self",
"summary": "SUSE Bug 1861728",
"url": "https://bugzilla.suse.com/1861728"
},
{
"category": "self",
"summary": "SUSE Bug 1863605",
"url": "https://bugzilla.suse.com/1863605"
},
{
"category": "self",
"summary": "SUSE Bug 1865450",
"url": "https://bugzilla.suse.com/1865450"
},
{
"category": "self",
"summary": "SUSE Bug 1867408",
"url": "https://bugzilla.suse.com/1867408"
},
{
"category": "self",
"summary": "SUSE Bug 1869378",
"url": "https://bugzilla.suse.com/1869378"
},
{
"category": "self",
"summary": "SUSE Bug 1869408",
"url": "https://bugzilla.suse.com/1869408"
},
{
"category": "self",
"summary": "SUSE Bug 1869642",
"url": "https://bugzilla.suse.com/1869642"
},
{
"category": "self",
"summary": "SUSE Bug 1870673",
"url": "https://bugzilla.suse.com/1870673"
},
{
"category": "self",
"summary": "SUSE Bug 1871152",
"url": "https://bugzilla.suse.com/1871152"
},
{
"category": "self",
"summary": "SUSE Bug 1871219",
"url": "https://bugzilla.suse.com/1871219"
},
{
"category": "self",
"summary": "SUSE Bug 1871630",
"url": "https://bugzilla.suse.com/1871630"
},
{
"category": "self",
"summary": "SUSE Bug 1871631",
"url": "https://bugzilla.suse.com/1871631"
},
{
"category": "self",
"summary": "SUSE Bug 1873095",
"url": "https://bugzilla.suse.com/1873095"
},
{
"category": "self",
"summary": "SUSE Bug 1873296",
"url": "https://bugzilla.suse.com/1873296"
},
{
"category": "self",
"summary": "SUSE Bug 1874017",
"url": "https://bugzilla.suse.com/1874017"
},
{
"category": "self",
"summary": "SUSE Bug 1874111",
"url": "https://bugzilla.suse.com/1874111"
},
{
"category": "self",
"summary": "SUSE Bug 1874458",
"url": "https://bugzilla.suse.com/1874458"
},
{
"category": "self",
"summary": "SUSE Bug 1874937",
"url": "https://bugzilla.suse.com/1874937"
},
{
"category": "self",
"summary": "SUSE Bug 1875356",
"url": "https://bugzilla.suse.com/1875356"
},
{
"category": "self",
"summary": "SUSE Bug 1875506",
"url": "https://bugzilla.suse.com/1875506"
},
{
"category": "self",
"summary": "SUSE Bug 1875965",
"url": "https://bugzilla.suse.com/1875965"
},
{
"category": "self",
"summary": "SUSE Bug 1876179",
"url": "https://bugzilla.suse.com/1876179"
},
{
"category": "self",
"summary": "SUSE Bug 1876390",
"url": "https://bugzilla.suse.com/1876390"
},
{
"category": "self",
"summary": "SUSE Bug 1876800",
"url": "https://bugzilla.suse.com/1876800"
},
{
"category": "self",
"summary": "SUSE Bug 1877344",
"url": "https://bugzilla.suse.com/1877344"
},
{
"category": "self",
"summary": "SUSE Bug 1877730",
"url": "https://bugzilla.suse.com/1877730"
},
{
"category": "self",
"summary": "SUSE Bug 1879513",
"url": "https://bugzilla.suse.com/1879513"
},
{
"category": "self",
"summary": "SUSE Bug 1879945",
"url": "https://bugzilla.suse.com/1879945"
},
{
"category": "self",
"summary": "SUSE Bug 1880857",
"url": "https://bugzilla.suse.com/1880857"
},
{
"category": "self",
"summary": "SUSE Bug 1881027",
"url": "https://bugzilla.suse.com/1881027"
},
{
"category": "self",
"summary": "SUSE Bug 1884276",
"url": "https://bugzilla.suse.com/1884276"
},
{
"category": "self",
"summary": "SUSE Bug 1884444",
"url": "https://bugzilla.suse.com/1884444"
},
{
"category": "self",
"summary": "SUSE Bug 1885404",
"url": "https://bugzilla.suse.com/1885404"
},
{
"category": "self",
"summary": "SUSE Bug 1887996",
"url": "https://bugzilla.suse.com/1887996"
},
{
"category": "self",
"summary": "SUSE Bug 1889671",
"url": "https://bugzilla.suse.com/1889671"
},
{
"category": "self",
"summary": "SUSE Bug 1890069",
"url": "https://bugzilla.suse.com/1890069"
},
{
"category": "self",
"summary": "SUSE Bug 1893029",
"url": "https://bugzilla.suse.com/1893029"
},
{
"category": "self",
"summary": "SUSE Bug 1893162",
"url": "https://bugzilla.suse.com/1893162"
},
{
"category": "self",
"summary": "SUSE Bug 1893334",
"url": "https://bugzilla.suse.com/1893334"
},
{
"category": "self",
"summary": "SUSE Bug 1893404",
"url": "https://bugzilla.suse.com/1893404"
},
{
"category": "self",
"summary": "SUSE Bug 1893752",
"url": "https://bugzilla.suse.com/1893752"
},
{
"category": "self",
"summary": "SUSE Bug 1894572",
"url": "https://bugzilla.suse.com/1894572"
},
{
"category": "self",
"summary": "SUSE Bug 1895012",
"url": "https://bugzilla.suse.com/1895012"
},
{
"category": "self",
"summary": "SUSE Bug 1895032",
"url": "https://bugzilla.suse.com/1895032"
},
{
"category": "self",
"summary": "SUSE Bug 1896353",
"url": "https://bugzilla.suse.com/1896353"
},
{
"category": "self",
"summary": "SUSE Bug 1897487",
"url": "https://bugzilla.suse.com/1897487"
},
{
"category": "self",
"summary": "SUSE Bug 1898074",
"url": "https://bugzilla.suse.com/1898074"
},
{
"category": "self",
"summary": "SUSE Bug 1898627",
"url": "https://bugzilla.suse.com/1898627"
},
{
"category": "self",
"summary": "SUSE Bug 1898825",
"url": "https://bugzilla.suse.com/1898825"
},
{
"category": "self",
"summary": "SUSE Bug 1898830",
"url": "https://bugzilla.suse.com/1898830"
},
{
"category": "self",
"summary": "SUSE Bug 1898858",
"url": "https://bugzilla.suse.com/1898858"
},
{
"category": "self",
"summary": "SUSE Bug 1899593",
"url": "https://bugzilla.suse.com/1899593"
},
{
"category": "self",
"summary": "SUSE Bug 1899759",
"url": "https://bugzilla.suse.com/1899759"
},
{
"category": "self",
"summary": "SUSE Bug 1899883",
"url": "https://bugzilla.suse.com/1899883"
},
{
"category": "self",
"summary": "SUSE Bug 1900413",
"url": "https://bugzilla.suse.com/1900413"
},
{
"category": "self",
"summary": "SUSE Bug 1901080",
"url": "https://bugzilla.suse.com/1901080"
},
{
"category": "self",
"summary": "SUSE Bug 1901932",
"url": "https://bugzilla.suse.com/1901932"
},
{
"category": "self",
"summary": "SUSE Bug 1905691",
"url": "https://bugzilla.suse.com/1905691"
},
{
"category": "self",
"summary": "SUSE Bug 215997",
"url": "https://bugzilla.suse.com/215997"
},
{
"category": "self",
"summary": "SUSE Bug 671060",
"url": "https://bugzilla.suse.com/671060"
},
{
"category": "self",
"summary": "SUSE Bug 676100",
"url": "https://bugzilla.suse.com/676100"
},
{
"category": "self",
"summary": "SUSE Bug 676118",
"url": "https://bugzilla.suse.com/676118"
},
{
"category": "self",
"summary": "SUSE Bug 864039",
"url": "https://bugzilla.suse.com/864039"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5388 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5388/"
}
],
"title": "Security update for mozilla-nss",
"tracking": {
"current_release_date": "2025-02-03T08:51:41Z",
"generator": {
"date": "2025-02-03T08:51:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20030-1",
"initial_release_date": "2025-02-03T08:51:41Z",
"revision_history": [
{
"date": "2025-02-03T08:51:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libfreebl3-3.101.2-1.1.aarch64",
"product": {
"name": "libfreebl3-3.101.2-1.1.aarch64",
"product_id": "libfreebl3-3.101.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-3.101.2-1.1.aarch64",
"product": {
"name": "libsoftokn3-3.101.2-1.1.aarch64",
"product_id": "libsoftokn3-3.101.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.101.2-1.1.aarch64",
"product": {
"name": "mozilla-nss-3.101.2-1.1.aarch64",
"product_id": "mozilla-nss-3.101.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-3.101.2-1.1.aarch64",
"product": {
"name": "mozilla-nss-certs-3.101.2-1.1.aarch64",
"product_id": "mozilla-nss-certs-3.101.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.101.2-1.1.aarch64",
"product": {
"name": "mozilla-nss-tools-3.101.2-1.1.aarch64",
"product_id": "mozilla-nss-tools-3.101.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libfreebl3-3.101.2-1.1.s390x",
"product": {
"name": "libfreebl3-3.101.2-1.1.s390x",
"product_id": "libfreebl3-3.101.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoftokn3-3.101.2-1.1.s390x",
"product": {
"name": "libsoftokn3-3.101.2-1.1.s390x",
"product_id": "libsoftokn3-3.101.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.101.2-1.1.s390x",
"product": {
"name": "mozilla-nss-3.101.2-1.1.s390x",
"product_id": "mozilla-nss-3.101.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-3.101.2-1.1.s390x",
"product": {
"name": "mozilla-nss-certs-3.101.2-1.1.s390x",
"product_id": "mozilla-nss-certs-3.101.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.101.2-1.1.s390x",
"product": {
"name": "mozilla-nss-tools-3.101.2-1.1.s390x",
"product_id": "mozilla-nss-tools-3.101.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libfreebl3-3.101.2-1.1.x86_64",
"product": {
"name": "libfreebl3-3.101.2-1.1.x86_64",
"product_id": "libfreebl3-3.101.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-3.101.2-1.1.x86_64",
"product": {
"name": "libsoftokn3-3.101.2-1.1.x86_64",
"product_id": "libsoftokn3-3.101.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.101.2-1.1.x86_64",
"product": {
"name": "mozilla-nss-3.101.2-1.1.x86_64",
"product_id": "mozilla-nss-3.101.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-3.101.2-1.1.x86_64",
"product": {
"name": "mozilla-nss-certs-3.101.2-1.1.x86_64",
"product_id": "mozilla-nss-certs-3.101.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.101.2-1.1.x86_64",
"product": {
"name": "mozilla-nss-tools-3.101.2-1.1.x86_64",
"product_id": "mozilla-nss-tools-3.101.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.aarch64"
},
"product_reference": "libfreebl3-3.101.2-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.s390x"
},
"product_reference": "libfreebl3-3.101.2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.x86_64"
},
"product_reference": "libfreebl3-3.101.2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.aarch64"
},
"product_reference": "libsoftokn3-3.101.2-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.s390x"
},
"product_reference": "libsoftokn3-3.101.2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.x86_64"
},
"product_reference": "libsoftokn3-3.101.2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.aarch64"
},
"product_reference": "mozilla-nss-3.101.2-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.s390x"
},
"product_reference": "mozilla-nss-3.101.2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.x86_64"
},
"product_reference": "mozilla-nss-3.101.2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.aarch64"
},
"product_reference": "mozilla-nss-certs-3.101.2-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.s390x"
},
"product_reference": "mozilla-nss-certs-3.101.2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.x86_64"
},
"product_reference": "mozilla-nss-certs-3.101.2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.aarch64"
},
"product_reference": "mozilla-nss-tools-3.101.2-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.s390x"
},
"product_reference": "mozilla-nss-tools-3.101.2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.x86_64"
},
"product_reference": "mozilla-nss-tools-3.101.2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5388"
}
],
"notes": [
{
"category": "general",
"text": "NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5388",
"url": "https://www.suse.com/security/cve/CVE-2023-5388"
},
{
"category": "external",
"summary": "SUSE Bug 1216198 for CVE-2023-5388",
"url": "https://bugzilla.suse.com/1216198"
},
{
"category": "external",
"summary": "SUSE Bug 1221327 for CVE-2023-5388",
"url": "https://bugzilla.suse.com/1221327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.x86_64",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.aarch64",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.s390x",
"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:51:41Z",
"details": "moderate"
}
],
"title": "CVE-2023-5388"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…