Lucene search
OracleLinuxELSA-2024-12337HistoryApr 19, 2024 - 12:00 a.m.
nss security update
2024-04-1900:00:00
linux.oracle.com
4
nss security
fips package
ecc
p256
p384
p521
constant time
fips review
expired certs
cve-2023-5388
unix
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.6%
[3.90.0-6_fips]
- Add FIPS package change: add fips suffix to Release and
set Epoch to 10 [Orabug: 35862190] - Update FIPS module name for Oracle Linux [Orabug: 35862190]
[3.90.0-6] - Fix ecc DER wrapping.
[3.90.0-5] - Pick up validated constant time implementations of p256, p384, and p521
from upsream - More Fips indicator changes
[3.90.0-4] - FIPS review changes
- add PORT_SafeZero to avoid compiler optimizing a way zeroing memory.
- update the indicators for this release
- allow hashing of longer than int32 values in a single PKCS #11 call.
[3.90.0-3.3] - Fix expired certs in tests
- Fix CVE-2023-5388
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 9 | src | nss | < 3.90.0-6.el9_3_fips | nss-3.90.0-6.el9_3_fips.src.rpm |
| oracle linux | 9 | aarch64 | nspr | < 4.35.0-6.el9_3_fips | nspr-4.35.0-6.el9_3_fips.aarch64.rpm |
| oracle linux | 9 | aarch64 | nspr-devel | < 4.35.0-6.el9_3_fips | nspr-devel-4.35.0-6.el9_3_fips.aarch64.rpm |
| oracle linux | 9 | aarch64 | nss | < 3.90.0-6.el9_3_fips | nss-3.90.0-6.el9_3_fips.aarch64.rpm |
| oracle linux | 9 | aarch64 | nss-devel | < 3.90.0-6.el9_3_fips | nss-devel-3.90.0-6.el9_3_fips.aarch64.rpm |
| oracle linux | 9 | aarch64 | nss-pkcs11-devel | < 3.90.0-6.el9_3_fips | nss-pkcs11-devel-3.90.0-6.el9_3_fips.aarch64.rpm |
| oracle linux | 9 | aarch64 | nss-softokn | < 3.90.0-6.el9_3_fips | nss-softokn-3.90.0-6.el9_3_fips.aarch64.rpm |
| oracle linux | 9 | aarch64 | nss-softokn-devel | < 3.90.0-6.el9_3_fips | nss-softokn-devel-3.90.0-6.el9_3_fips.aarch64.rpm |
| oracle linux | 9 | aarch64 | nss-softokn-freebl | < 3.90.0-6.el9_3_fips | nss-softokn-freebl-3.90.0-6.el9_3_fips.aarch64.rpm |
| oracle linux | 9 | aarch64 | nss-softokn-freebl-devel | < 3.90.0-6.el9_3_fips | nss-softokn-freebl-devel-3.90.0-6.el9_3_fips.aarch64.rpm |
Related
nessus
nessus
RHEL 9 : nss (RHSA-2024:0790)
2024-02-12 00:00:00
Oracle Linux 9 : nss (ELSA-2024-0790)
2024-02-14 00:00:00
Amazon Linux 2023 : nspr, nspr-devel, nss (ALAS2023-2024-523)
2024-02-20 00:00:00
osv
osv
Moderate: nss security update
2024-03-12 15:41:47
Moderate: nss security update
2024-02-12 00:00:00
Moderate: nss security update
2024-02-12 00:00:00
alpinelinux
alpinelinux
CVE-2023-6135
2023-12-19 14:15:07
almalinux
almalinux
Moderate: nss security update
2024-02-12 00:00:00
Moderate: nss security update
2024-02-12 00:00:00
redhat
redhat
(RHSA-2024:0790) Moderate: nss security update
2024-02-12 16:31:35
(RHSA-2024:0786) Moderate: nss security update
2024-02-12 13:39:06
(RHSA-2024:0791) Moderate: nss security update
2024-02-12 16:31:43
prion
prion
Code injection
2023-12-19 14:15:00
oraclelinux
oraclelinux
nss security update
2024-02-13 00:00:00
nss security update
2024-02-13 00:00:00
debiancve
debiancve
CVE-2023-6135
2023-12-19 14:15:07
cve
cve
CVE-2023-6135
2023-12-19 14:15:07
amazon
amazon
Medium: nss-softokn
2024-02-15 03:52:00
nvd
nvd
CVE-2023-6135
2023-12-19 14:15:07
ubuntucve
ubuntucve
CVE-2023-6135
2023-12-20 00:00:00
redhatcve
redhatcve
CVE-2023-6135
2024-01-11 09:00:57
rocky
rocky
nss security update
2024-03-12 15:41:47
cvelist
cvelist
CVE-2023-6135
2023-12-19 13:38:46
ubuntu
ubuntu
NSS regression
2024-04-11 00:00:00
NSS vulnerabilities
2024-04-10 00:00:00
Firefox regressions
2024-01-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6727-1)
2024-04-11 00:00:00
Ubuntu: Security Advisory (USN-6727-2)
2024-04-12 00:00:00
Mozilla Firefox Security Advisories (MFSA2023-53, MFSA2023-56) - Windows
2023-12-21 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox 121 — Mozilla
2023-12-19 00:00:00
kaspersky
kaspersky
KLA62517 Multiple vulnerabilities in Mozilla Firefox
2023-12-19 00:00:00
ibm
ibm
Security Bulletin: App Connect Enterprise Certified Container UBI updates
2024-03-07 14:53:54
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-04-24 19:15:42
gentoo
gentoo
Mozilla Firefox: Multiple Vulnerabilities
2024-01-07 00:00:00
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.6%
Related for ELSA-2024-12337