{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"critical"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for mozilla-nss","title":"Title of the patch"},{"category":"description","text":"This update for mozilla-nss fixes the following issues:\n\n- update to NSS 3.101.2\n  - ChaChaXor to return after the function\n\n- update to NSS 3.101.1 \n  - missing sqlite header.\n  - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.\n\n- update to NSS 3.101\n  - add diagnostic assertions for SFTKObject refcount.\n  - freeing the slot in DeleteCertAndKey if authentication failed\n  - fix formatting issues.\n  - Add Firmaprofesional CA Root-A Web to NSS.\n  - remove invalid acvp fuzz test vectors.\n  - pad short P-384 and P-521 signatures gtests.\n  - remove unused FreeBL ECC code.\n  - pad short P-384 and P-521 signatures.\n  - be less strict about ECDSA private key length.\n  - Integrate HACL* P-521.\n  - Integrate HACL* P-384.\n  - memory leak in create_objects_from_handles.\n  - ensure all input is consumed in a few places in mozilla::pkix\n  - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy\n  - clean up escape handling\n  - Use lib::pkix as default validator instead of the old-one\n  - Need to add high level support for PQ signing.\n  - Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation\n  - SMIME/CMS and PKCS #12 do not integrate with modern NSS policy\n  - Allow for non-full length ecdsa signature when using softoken\n  - Modification of .taskcluster.yml due to mozlint indent defects\n  - Implement support for PBMAC1 in PKCS#12\n  - disable VLA warnings for fuzz builds.\n  - remove redundant AllocItem implementation.\n  - add PK11_ReadDistrustAfterAttribute.\n  - Clang-formatting of SEC_GetMgfTypeByOidTag update\n  - Set SEC_ERROR_LIBRARY_FAILURE on self-test failure\n  - sftk_getParameters(): Fix fallback to default variable after error with configfile.\n  - Switch to the mozillareleases/image_builder image\n\n- update to NSS 3.100\n - merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.\n - remove ckcapi.\n - avoid a potential PK11GenericObject memory leak.\n - Remove incomplete ESDH code.\n - Decrypt RSA OAEP encrypted messages.\n - Fix certutil CRLDP URI code.\n - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.\n - Add ability to encrypt and decrypt CMS messages using ECDH.\n - Correct Templates for key agreement in smime/cmsasn.c.\n - Moving the decodedCert allocation to NSS.\n - Allow developers to speed up repeated local execution of NSS tests that depend on certificates.\n\n- update to NSS 3.99\n  - Removing check for message len in ed25519\n  - add ed25519 to SECU_ecName2params.\n  - add EdDSA wycheproof tests.\n  - nss/lib layer code for EDDSA.\n  - Adding EdDSA implementation.\n  - Exporting Certificate Compression types\n  - Updating ACVP docker to rust 1.74\n  - Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552\n  - Add NSS_CMSRecipient_IsSupported.\n\n- update to NSS 3.98\n  - CVE-2023-5388: Timing attack against RSA decryption in TLS\n  - Certificate Compression: enabling the check that the compression was advertised\n  - Move Windows workers to nss-1/b-win2022-alpha\n  - Remove Email trust bit from OISTE WISeKey Global Root GC CA\n  - Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`\n  - Certificate Compression: Updating nss_bogo_shim to support Certificate compression\n  - TLS Certificate Compression (RFC 8879) Implementation\n  - Add valgrind annotations to freebl kyber operations for constant-time execution tests\n  - Set nssckbi version number to 2.66\n  - Add Telekom Security roots\n  - Add D-Trust 2022 S/MIME roots\n  - Remove expired Security Communication RootCA1 root\n  - move keys to a slot that supports concatenation in PK11_ConcatSymKeys\n  - remove unmaintained tls-interop tests\n  - bogo: add support for the -ipv6 and -shim-id shim flags\n  - bogo: add support for the -curves shim flag and update Kyber expectations\n  - bogo: adjust expectation for a key usage bit test\n  - mozpkix: add option to ignore invalid subject alternative names\n  - Fix selfserv not stripping `publicname:` from -X value\n  - take ownership of ecckilla shims\n  - add valgrind annotations to freebl/ec.c\n  - PR_INADDR_ANY needs PR_htonl before assignment to inet.ip\n  - Update zlib to 1.3.1\n\n- update to NSS 3.97\n  - make Xyber768d00 opt-in by policy\n  - add libssl support for xyber768d00\n  - add PK11_ConcatSymKeys\n  - add Kyber and a PKCS#11 KEM interface to softoken\n  - add a FreeBL API for Kyber\n  - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff\n  - part 1: add a script for vendoring kyber from pq-crystals repo\n  - Removing the calls to RSA Blind from loader.*\n  - fix worker type for level3 mac tasks\n  - RSA Blind implementation\n  - Remove DSA selftests\n  - read KWP testvectors from JSON\n  - Backed out changeset dcb174139e4f\n  - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation\n  - Wrap CC shell commands in gyp expansions\n\n- update to NSS 3.96.1\n  - Use pypi dependencies for MacOS worker in ./build_gyp.sh\n  - p7sign: add -a hash and -u certusage (also p7verify cleanups)\n  - add a defensive check for large ssl_DefSend return values\n  - Add dependency to the taskcluster script for Darwin\n  - Upgrade version of the MacOS worker for the CI\n\n- update to NSS 3.95\n  - Bump builtins version number.\n  - Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.\n  - Remove 4 DigiCert (Symantec/Verisign) Root Certificates\n  - Remove 3 TrustCor Root Certificates from NSS.\n  - Remove Camerfirma root certificates from NSS.\n  - Remove old Autoridad de Certificacion Firmaprofesional Certificate.\n  - Add four Commscope root certificates to NSS.\n  - Add TrustAsia Global Root CA G3 and G4 root certificates.\n  - Include P-384 and P-521 Scalar Validation from HACL*\n  - Include P-256 Scalar Validation from HACL*.\n  - After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level\n  - Add means to provide library parameters to C_Initialize\n  - clang format\n  - add OSXSAVE and XCR0 tests to AVX2 detection.\n  - Typo in ssl3_AppendHandshakeNumber\n  - Introducing input check of ssl3_AppendHandshakeNumber\n  - Fix Invalid casts in instance.c\n\n- update to NSS 3.94\n  - Updated code and commit ID for HACL*\n  - update ACVP fuzzed test vector: refuzzed with current NSS\n  - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants\n  - NSS needs a database tool that can dump the low level representation of the database\n  - declare string literals using char in pkixnames_tests.cpp\n  - avoid implicit conversion for ByteString\n  - update rust version for acvp docker\n  - Moving the init function of the mpi_ints before clean-up in ec.c\n  - P-256 ECDH and ECDSA from HACL*\n  - Add ACVP test vectors to the repository\n  - Stop relying on std::basic_string<uint8_t>\n  - Transpose the PPC_ABI check from Makefile to gyp\n\n- Update to NSS 3.93:\n  - Update zlib in NSS to 1.3.\n  - softoken: iterate hashUpdate calls for long inputs.\n  - regenerate NameConstraints test certificates (bsc#1214980).\n\n- update to NSS 3.92\n  - Set nssckbi version number to 2.62\n  - Add 4 Atos TrustedRoot Root CA certificates to NSS\n  - Add 4 SSL.com Root CA certificates\n  - Add Sectigo E46 and R46 Root CA certificates\n  - Add LAWtrust Root CA2 (4096)\n  - Remove E-Tugra Certification Authority root\n  - Remove Camerfirma Chambers of Commerce Root.\n  - Remove Hongkong Post Root CA 1\n  - Remove E-Tugra Global Root CA ECC v3 and RSA v3\n  - Avoid redefining BYTE_ORDER on hppa Linux\n\n- update to NSS 3.91\n  - Implementation of the HW support check for ADX instruction\n  - Removing the support of Curve25519\n  - Fix comment about the addition of ticketSupportsEarlyData\n  - Adding args to enable-legacy-db build\n  - dbtests.sh failure in \"certutil dump keys with explicit default trust flags\"\n  - Initialize flags in slot structures\n  - Improve the length check of RSA input to avoid heap overflow\n  - Followup Fixes\n  - avoid processing unexpected inputs by checking for m_exptmod base sign\n  - add a limit check on order_k to avoid infinite loop\n  - Update HACL* to commit 5f6051d2\n  - add SHA3 to cryptohi and softoken\n  - HACL SHA3\n  - Disabling ASM C25519 for A but X86_64\n\n- update to NSS 3.90.3\n  - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.\n  - clean up escape handling.\n  - remove redundant AllocItem implementation.\n  - Disable ASM support for Curve25519.\n  - Disable ASM support for Curve25519 for all but X86_64. \n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-Micro-6.0-59","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20030-1.json"},{"category":"self","summary":"URL for SUSE-SU-2025:20030-1","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520030-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2025:20030-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2025-June/021346.html"},{"category":"self","summary":"SUSE Bug 1214980","url":"https://bugzilla.suse.com/1214980"},{"category":"self","summary":"SUSE Bug 1216198","url":"https://bugzilla.suse.com/1216198"},{"category":"self","summary":"SUSE Bug 1222804","url":"https://bugzilla.suse.com/1222804"},{"category":"self","summary":"SUSE Bug 1222807","url":"https://bugzilla.suse.com/1222807"},{"category":"self","summary":"SUSE Bug 1222811","url":"https://bugzilla.suse.com/1222811"},{"category":"self","summary":"SUSE Bug 1222813","url":"https://bugzilla.suse.com/1222813"},{"category":"self","summary":"SUSE Bug 1222814","url":"https://bugzilla.suse.com/1222814"},{"category":"self","summary":"SUSE Bug 1222821","url":"https://bugzilla.suse.com/1222821"},{"category":"self","summary":"SUSE Bug 1222822","url":"https://bugzilla.suse.com/1222822"},{"category":"self","summary":"SUSE Bug 1222826","url":"https://bugzilla.suse.com/1222826"},{"category":"self","summary":"SUSE Bug 1222828","url":"https://bugzilla.suse.com/1222828"},{"category":"self","summary":"SUSE Bug 1222830","url":"https://bugzilla.suse.com/1222830"},{"category":"self","summary":"SUSE Bug 1222833","url":"https://bugzilla.suse.com/1222833"},{"category":"self","summary":"SUSE Bug 1222834","url":"https://bugzilla.suse.com/1222834"},{"category":"self","summary":"SUSE Bug 1223724","url":"https://bugzilla.suse.com/1223724"},{"category":"self","summary":"SUSE Bug 1224113","url":"https://bugzilla.suse.com/1224113"},{"category":"self","summary":"SUSE Bug 1224115","url":"https://bugzilla.suse.com/1224115"},{"category":"self","summary":"SUSE Bug 1224116","url":"https://bugzilla.suse.com/1224116"},{"category":"self","summary":"SUSE Bug 1224118","url":"https://bugzilla.suse.com/1224118"},{"category":"self","summary":"SUSE Bug 1227918","url":"https://bugzilla.suse.com/1227918"},{"category":"self","summary":"SUSE Bug 1325335","url":"https://bugzilla.suse.com/1325335"},{"category":"self","summary":"SUSE Bug 1548723","url":"https://bugzilla.suse.com/1548723"},{"category":"self","summary":"SUSE Bug 1573097","url":"https://bugzilla.suse.com/1573097"},{"category":"self","summary":"SUSE Bug 1615555","url":"https://bugzilla.suse.com/1615555"},{"category":"self","summary":"SUSE Bug 1748105","url":"https://bugzilla.suse.com/1748105"},{"category":"self","summary":"SUSE Bug 1753026","url":"https://bugzilla.suse.com/1753026"},{"category":"self","summary":"SUSE Bug 1757758","url":"https://bugzilla.suse.com/1757758"},{"category":"self","summary":"SUSE Bug 1774659","url":"https://bugzilla.suse.com/1774659"},{"category":"self","summary":"SUSE Bug 1775046","url":"https://bugzilla.suse.com/1775046"},{"category":"self","summary":"SUSE Bug 1780432","url":"https://bugzilla.suse.com/1780432"},{"category":"self","summary":"SUSE Bug 1784253","url":"https://bugzilla.suse.com/1784253"},{"category":"self","summary":"SUSE Bug 1793811","url":"https://bugzilla.suse.com/1793811"},{"category":"self","summary":"SUSE Bug 1813401","url":"https://bugzilla.suse.com/1813401"},{"category":"self","summary":"SUSE Bug 1818766","url":"https://bugzilla.suse.com/1818766"},{"category":"self","summary":"SUSE Bug 1822450","url":"https://bugzilla.suse.com/1822450"},{"category":"self","summary":"SUSE Bug 1822935","url":"https://bugzilla.suse.com/1822935"},{"category":"self","summary":"SUSE Bug 1822936","url":"https://bugzilla.suse.com/1822936"},{"category":"self","summary":"SUSE Bug 1826451","url":"https://bugzilla.suse.com/1826451"},{"category":"self","summary":"SUSE Bug 1826652","url":"https://bugzilla.suse.com/1826652"},{"category":"self","summary":"SUSE Bug 1827224","url":"https://bugzilla.suse.com/1827224"},{"category":"self","summary":"SUSE Bug 1827303","url":"https://bugzilla.suse.com/1827303"},{"category":"self","summary":"SUSE Bug 1827444","url":"https://bugzilla.suse.com/1827444"},{"category":"self","summary":"SUSE Bug 1829112","url":"https://bugzilla.suse.com/1829112"},{"category":"self","summary":"SUSE Bug 1830415","url":"https://bugzilla.suse.com/1830415"},{"category":"self","summary":"SUSE Bug 1830978","url":"https://bugzilla.suse.com/1830978"},{"category":"self","summary":"SUSE Bug 1831552","url":"https://bugzilla.suse.com/1831552"},{"category":"self","summary":"SUSE Bug 1833270","url":"https://bugzilla.suse.com/1833270"},{"category":"self","summary":"SUSE Bug 1834851","url":"https://bugzilla.suse.com/1834851"},{"category":"self","summary":"SUSE Bug 1835357","url":"https://bugzilla.suse.com/1835357"},{"category":"self","summary":"SUSE Bug 1835425","url":"https://bugzilla.suse.com/1835425"},{"category":"self","summary":"SUSE Bug 1835828","url":"https://bugzilla.suse.com/1835828"},{"category":"self","summary":"SUSE Bug 1836781","url":"https://bugzilla.suse.com/1836781"},{"category":"self","summary":"SUSE Bug 1836925","url":"https://bugzilla.suse.com/1836925"},{"category":"self","summary":"SUSE Bug 1837431","url":"https://bugzilla.suse.com/1837431"},{"category":"self","summary":"SUSE Bug 1837617","url":"https://bugzilla.suse.com/1837617"},{"category":"self","summary":"SUSE Bug 1837987","url":"https://bugzilla.suse.com/1837987"},{"category":"self","summary":"SUSE Bug 1839327","url":"https://bugzilla.suse.com/1839327"},{"category":"self","summary":"SUSE Bug 1839795","url":"https://bugzilla.suse.com/1839795"},{"category":"self","summary":"SUSE Bug 1839992","url":"https://bugzilla.suse.com/1839992"},{"category":"self","summary":"SUSE Bug 1840429","url":"https://bugzilla.suse.com/1840429"},{"category":"self","summary":"SUSE Bug 1840437","url":"https://bugzilla.suse.com/1840437"},{"category":"self","summary":"SUSE Bug 1840505","url":"https://bugzilla.suse.com/1840505"},{"category":"self","summary":"SUSE Bug 1840510","url":"https://bugzilla.suse.com/1840510"},{"category":"self","summary":"SUSE Bug 1841029","url":"https://bugzilla.suse.com/1841029"},{"category":"self","summary":"SUSE Bug 1842928","url":"https://bugzilla.suse.com/1842928"},{"category":"self","summary":"SUSE Bug 1842932","url":"https://bugzilla.suse.com/1842932"},{"category":"self","summary":"SUSE Bug 1842935","url":"https://bugzilla.suse.com/1842935"},{"category":"self","summary":"SUSE Bug 1842937","url":"https://bugzilla.suse.com/1842937"},{"category":"self","summary":"SUSE Bug 1847845","url":"https://bugzilla.suse.com/1847845"},{"category":"self","summary":"SUSE Bug 1848183","url":"https://bugzilla.suse.com/1848183"},{"category":"self","summary":"SUSE Bug 1849077","url":"https://bugzilla.suse.com/1849077"},{"category":"self","summary":"SUSE Bug 1849471","url":"https://bugzilla.suse.com/1849471"},{"category":"self","summary":"SUSE Bug 1850598","url":"https://bugzilla.suse.com/1850598"},{"category":"self","summary":"SUSE Bug 1850982","url":"https://bugzilla.suse.com/1850982"},{"category":"self","summary":"SUSE Bug 1851044","url":"https://bugzilla.suse.com/1851044"},{"category":"self","summary":"SUSE Bug 1851049","url":"https://bugzilla.suse.com/1851049"},{"category":"self","summary":"SUSE Bug 1852011","url":"https://bugzilla.suse.com/1852011"},{"category":"self","summary":"SUSE Bug 1852179","url":"https://bugzilla.suse.com/1852179"},{"category":"self","summary":"SUSE Bug 1853737","url":"https://bugzilla.suse.com/1853737"},{"category":"self","summary":"SUSE Bug 1854438","url":"https://bugzilla.suse.com/1854438"},{"category":"self","summary":"SUSE Bug 1854439","url":"https://bugzilla.suse.com/1854439"},{"category":"self","summary":"SUSE Bug 1854795","url":"https://bugzilla.suse.com/1854795"},{"category":"self","summary":"SUSE Bug 1855318","url":"https://bugzilla.suse.com/1855318"},{"category":"self","summary":"SUSE Bug 1858241","url":"https://bugzilla.suse.com/1858241"},{"category":"self","summary":"SUSE Bug 1860670","url":"https://bugzilla.suse.com/1860670"},{"category":"self","summary":"SUSE Bug 1861265","url":"https://bugzilla.suse.com/1861265"},{"category":"self","summary":"SUSE Bug 1861728","url":"https://bugzilla.suse.com/1861728"},{"category":"self","summary":"SUSE Bug 1863605","url":"https://bugzilla.suse.com/1863605"},{"category":"self","summary":"SUSE Bug 1865450","url":"https://bugzilla.suse.com/1865450"},{"category":"self","summary":"SUSE Bug 1867408","url":"https://bugzilla.suse.com/1867408"},{"category":"self","summary":"SUSE Bug 1869378","url":"https://bugzilla.suse.com/1869378"},{"category":"self","summary":"SUSE Bug 1869408","url":"https://bugzilla.suse.com/1869408"},{"category":"self","summary":"SUSE Bug 1869642","url":"https://bugzilla.suse.com/1869642"},{"category":"self","summary":"SUSE Bug 1870673","url":"https://bugzilla.suse.com/1870673"},{"category":"self","summary":"SUSE Bug 1871152","url":"https://bugzilla.suse.com/1871152"},{"category":"self","summary":"SUSE Bug 1871219","url":"https://bugzilla.suse.com/1871219"},{"category":"self","summary":"SUSE Bug 1871630","url":"https://bugzilla.suse.com/1871630"},{"category":"self","summary":"SUSE Bug 1871631","url":"https://bugzilla.suse.com/1871631"},{"category":"self","summary":"SUSE Bug 1873095","url":"https://bugzilla.suse.com/1873095"},{"category":"self","summary":"SUSE Bug 1873296","url":"https://bugzilla.suse.com/1873296"},{"category":"self","summary":"SUSE Bug 1874017","url":"https://bugzilla.suse.com/1874017"},{"category":"self","summary":"SUSE Bug 1874111","url":"https://bugzilla.suse.com/1874111"},{"category":"self","summary":"SUSE Bug 1874458","url":"https://bugzilla.suse.com/1874458"},{"category":"self","summary":"SUSE Bug 1874937","url":"https://bugzilla.suse.com/1874937"},{"category":"self","summary":"SUSE Bug 1875356","url":"https://bugzilla.suse.com/1875356"},{"category":"self","summary":"SUSE Bug 1875506","url":"https://bugzilla.suse.com/1875506"},{"category":"self","summary":"SUSE Bug 1875965","url":"https://bugzilla.suse.com/1875965"},{"category":"self","summary":"SUSE Bug 1876179","url":"https://bugzilla.suse.com/1876179"},{"category":"self","summary":"SUSE Bug 1876390","url":"https://bugzilla.suse.com/1876390"},{"category":"self","summary":"SUSE Bug 1876800","url":"https://bugzilla.suse.com/1876800"},{"category":"self","summary":"SUSE Bug 1877344","url":"https://bugzilla.suse.com/1877344"},{"category":"self","summary":"SUSE Bug 1877730","url":"https://bugzilla.suse.com/1877730"},{"category":"self","summary":"SUSE Bug 1879513","url":"https://bugzilla.suse.com/1879513"},{"category":"self","summary":"SUSE Bug 1879945","url":"https://bugzilla.suse.com/1879945"},{"category":"self","summary":"SUSE Bug 1880857","url":"https://bugzilla.suse.com/1880857"},{"category":"self","summary":"SUSE Bug 1881027","url":"https://bugzilla.suse.com/1881027"},{"category":"self","summary":"SUSE Bug 1884276","url":"https://bugzilla.suse.com/1884276"},{"category":"self","summary":"SUSE Bug 1884444","url":"https://bugzilla.suse.com/1884444"},{"category":"self","summary":"SUSE Bug 1885404","url":"https://bugzilla.suse.com/1885404"},{"category":"self","summary":"SUSE Bug 1887996","url":"https://bugzilla.suse.com/1887996"},{"category":"self","summary":"SUSE Bug 1889671","url":"https://bugzilla.suse.com/1889671"},{"category":"self","summary":"SUSE Bug 1890069","url":"https://bugzilla.suse.com/1890069"},{"category":"self","summary":"SUSE Bug 1893029","url":"https://bugzilla.suse.com/1893029"},{"category":"self","summary":"SUSE Bug 1893162","url":"https://bugzilla.suse.com/1893162"},{"category":"self","summary":"SUSE Bug 1893334","url":"https://bugzilla.suse.com/1893334"},{"category":"self","summary":"SUSE Bug 1893404","url":"https://bugzilla.suse.com/1893404"},{"category":"self","summary":"SUSE Bug 1893752","url":"https://bugzilla.suse.com/1893752"},{"category":"self","summary":"SUSE Bug 1894572","url":"https://bugzilla.suse.com/1894572"},{"category":"self","summary":"SUSE Bug 1895012","url":"https://bugzilla.suse.com/1895012"},{"category":"self","summary":"SUSE Bug 1895032","url":"https://bugzilla.suse.com/1895032"},{"category":"self","summary":"SUSE Bug 1896353","url":"https://bugzilla.suse.com/1896353"},{"category":"self","summary":"SUSE Bug 1897487","url":"https://bugzilla.suse.com/1897487"},{"category":"self","summary":"SUSE Bug 1898074","url":"https://bugzilla.suse.com/1898074"},{"category":"self","summary":"SUSE Bug 1898627","url":"https://bugzilla.suse.com/1898627"},{"category":"self","summary":"SUSE Bug 1898825","url":"https://bugzilla.suse.com/1898825"},{"category":"self","summary":"SUSE Bug 1898830","url":"https://bugzilla.suse.com/1898830"},{"category":"self","summary":"SUSE Bug 1898858","url":"https://bugzilla.suse.com/1898858"},{"category":"self","summary":"SUSE Bug 1899593","url":"https://bugzilla.suse.com/1899593"},{"category":"self","summary":"SUSE Bug 1899759","url":"https://bugzilla.suse.com/1899759"},{"category":"self","summary":"SUSE Bug 1899883","url":"https://bugzilla.suse.com/1899883"},{"category":"self","summary":"SUSE Bug 1900413","url":"https://bugzilla.suse.com/1900413"},{"category":"self","summary":"SUSE Bug 1901080","url":"https://bugzilla.suse.com/1901080"},{"category":"self","summary":"SUSE Bug 1901932","url":"https://bugzilla.suse.com/1901932"},{"category":"self","summary":"SUSE Bug 1905691","url":"https://bugzilla.suse.com/1905691"},{"category":"self","summary":"SUSE Bug 215997","url":"https://bugzilla.suse.com/215997"},{"category":"self","summary":"SUSE Bug 671060","url":"https://bugzilla.suse.com/671060"},{"category":"self","summary":"SUSE Bug 676100","url":"https://bugzilla.suse.com/676100"},{"category":"self","summary":"SUSE Bug 676118","url":"https://bugzilla.suse.com/676118"},{"category":"self","summary":"SUSE Bug 864039","url":"https://bugzilla.suse.com/864039"},{"category":"self","summary":"SUSE CVE CVE-2023-5388 page","url":"https://www.suse.com/security/cve/CVE-2023-5388/"}],"title":"Security update for mozilla-nss","tracking":{"current_release_date":"2025-02-03T08:51:41Z","generator":{"date":"2025-02-03T08:51:41Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2025:20030-1","initial_release_date":"2025-02-03T08:51:41Z","revision_history":[{"date":"2025-02-03T08:51:41Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"libfreebl3-3.101.2-1.1.aarch64","product":{"name":"libfreebl3-3.101.2-1.1.aarch64","product_id":"libfreebl3-3.101.2-1.1.aarch64"}},{"category":"product_version","name":"libsoftokn3-3.101.2-1.1.aarch64","product":{"name":"libsoftokn3-3.101.2-1.1.aarch64","product_id":"libsoftokn3-3.101.2-1.1.aarch64"}},{"category":"product_version","name":"mozilla-nss-3.101.2-1.1.aarch64","product":{"name":"mozilla-nss-3.101.2-1.1.aarch64","product_id":"mozilla-nss-3.101.2-1.1.aarch64"}},{"category":"product_version","name":"mozilla-nss-certs-3.101.2-1.1.aarch64","product":{"name":"mozilla-nss-certs-3.101.2-1.1.aarch64","product_id":"mozilla-nss-certs-3.101.2-1.1.aarch64"}},{"category":"product_version","name":"mozilla-nss-tools-3.101.2-1.1.aarch64","product":{"name":"mozilla-nss-tools-3.101.2-1.1.aarch64","product_id":"mozilla-nss-tools-3.101.2-1.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"libfreebl3-3.101.2-1.1.s390x","product":{"name":"libfreebl3-3.101.2-1.1.s390x","product_id":"libfreebl3-3.101.2-1.1.s390x"}},{"category":"product_version","name":"libsoftokn3-3.101.2-1.1.s390x","product":{"name":"libsoftokn3-3.101.2-1.1.s390x","product_id":"libsoftokn3-3.101.2-1.1.s390x"}},{"category":"product_version","name":"mozilla-nss-3.101.2-1.1.s390x","product":{"name":"mozilla-nss-3.101.2-1.1.s390x","product_id":"mozilla-nss-3.101.2-1.1.s390x"}},{"category":"product_version","name":"mozilla-nss-certs-3.101.2-1.1.s390x","product":{"name":"mozilla-nss-certs-3.101.2-1.1.s390x","product_id":"mozilla-nss-certs-3.101.2-1.1.s390x"}},{"category":"product_version","name":"mozilla-nss-tools-3.101.2-1.1.s390x","product":{"name":"mozilla-nss-tools-3.101.2-1.1.s390x","product_id":"mozilla-nss-tools-3.101.2-1.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"libfreebl3-3.101.2-1.1.x86_64","product":{"name":"libfreebl3-3.101.2-1.1.x86_64","product_id":"libfreebl3-3.101.2-1.1.x86_64"}},{"category":"product_version","name":"libsoftokn3-3.101.2-1.1.x86_64","product":{"name":"libsoftokn3-3.101.2-1.1.x86_64","product_id":"libsoftokn3-3.101.2-1.1.x86_64"}},{"category":"product_version","name":"mozilla-nss-3.101.2-1.1.x86_64","product":{"name":"mozilla-nss-3.101.2-1.1.x86_64","product_id":"mozilla-nss-3.101.2-1.1.x86_64"}},{"category":"product_version","name":"mozilla-nss-certs-3.101.2-1.1.x86_64","product":{"name":"mozilla-nss-certs-3.101.2-1.1.x86_64","product_id":"mozilla-nss-certs-3.101.2-1.1.x86_64"}},{"category":"product_version","name":"mozilla-nss-tools-3.101.2-1.1.x86_64","product":{"name":"mozilla-nss-tools-3.101.2-1.1.x86_64","product_id":"mozilla-nss-tools-3.101.2-1.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Micro 6.0","product":{"name":"SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0","product_identification_helper":{"cpe":"cpe:/o:suse:sl-micro:6.0"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libfreebl3-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.aarch64"},"product_reference":"libfreebl3-3.101.2-1.1.aarch64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"libfreebl3-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.s390x"},"product_reference":"libfreebl3-3.101.2-1.1.s390x","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"libfreebl3-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.x86_64"},"product_reference":"libfreebl3-3.101.2-1.1.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"libsoftokn3-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.aarch64"},"product_reference":"libsoftokn3-3.101.2-1.1.aarch64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"libsoftokn3-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.s390x"},"product_reference":"libsoftokn3-3.101.2-1.1.s390x","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"libsoftokn3-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.x86_64"},"product_reference":"libsoftokn3-3.101.2-1.1.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.aarch64"},"product_reference":"mozilla-nss-3.101.2-1.1.aarch64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.s390x"},"product_reference":"mozilla-nss-3.101.2-1.1.s390x","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.x86_64"},"product_reference":"mozilla-nss-3.101.2-1.1.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-certs-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.aarch64"},"product_reference":"mozilla-nss-certs-3.101.2-1.1.aarch64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-certs-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.s390x"},"product_reference":"mozilla-nss-certs-3.101.2-1.1.s390x","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-certs-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.x86_64"},"product_reference":"mozilla-nss-certs-3.101.2-1.1.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-tools-3.101.2-1.1.aarch64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.aarch64"},"product_reference":"mozilla-nss-tools-3.101.2-1.1.aarch64","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-tools-3.101.2-1.1.s390x as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.s390x"},"product_reference":"mozilla-nss-tools-3.101.2-1.1.s390x","relates_to_product_reference":"SUSE Linux Micro 6.0"},{"category":"default_component_of","full_product_name":{"name":"mozilla-nss-tools-3.101.2-1.1.x86_64 as component of SUSE Linux Micro 6.0","product_id":"SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.x86_64"},"product_reference":"mozilla-nss-tools-3.101.2-1.1.x86_64","relates_to_product_reference":"SUSE Linux Micro 6.0"}]},"vulnerabilities":[{"cve":"CVE-2023-5388","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5388"}],"notes":[{"category":"general","text":"NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5388","url":"https://www.suse.com/security/cve/CVE-2023-5388"},{"category":"external","summary":"SUSE Bug 1216198 for CVE-2023-5388","url":"https://bugzilla.suse.com/1216198"},{"category":"external","summary":"SUSE Bug 1221327 for CVE-2023-5388","url":"https://bugzilla.suse.com/1221327"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:libfreebl3-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:libsoftokn3-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-certs-3.101.2-1.1.x86_64","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.aarch64","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.s390x","SUSE Linux Micro 6.0:mozilla-nss-tools-3.101.2-1.1.x86_64"]}],"threats":[{"category":"impact","date":"2025-02-03T08:51:41Z","details":"moderate"}],"title":"CVE-2023-5388"}]}