libfreebl3-3.69.1-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11058-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libfreebl3-3.69.1-1.2 on GA media These are all security issues fixed in the libfreebl3-3.69.1-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11058 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-0495/ SUSE CVE CVE-2018-0495 page https://www.suse.com/security/cve/CVE-2018-12384/ SUSE CVE CVE-2018-12384 page https://www.suse.com/security/cve/CVE-2018-12404/ SUSE CVE CVE-2018-12404 page https://www.suse.com/security/cve/CVE-2019-11719/ SUSE CVE CVE-2019-11719 page https://www.suse.com/security/cve/CVE-2019-11727/ SUSE CVE CVE-2019-11727 page https://www.suse.com/security/cve/CVE-2019-11729/ SUSE CVE CVE-2019-11729 page https://www.suse.com/security/cve/CVE-2019-11745/ SUSE CVE CVE-2019-11745 page https://www.suse.com/security/cve/CVE-2019-17006/ SUSE CVE CVE-2019-17006 page https://www.suse.com/security/cve/CVE-2020-12399/ SUSE CVE CVE-2020-12399 page https://www.suse.com/security/cve/CVE-2020-12401/ SUSE CVE CVE-2020-12401 page https://www.suse.com/security/cve/CVE-2020-12402/ SUSE CVE CVE-2020-12402 page https://www.suse.com/security/cve/CVE-2020-12403/ SUSE CVE CVE-2020-12403 page https://www.suse.com/security/cve/CVE-2020-25648/ SUSE CVE CVE-2020-25648 page https://www.suse.com/security/cve/CVE-2020-6829/ SUSE CVE CVE-2020-6829 page openSUSE Tumbleweed libfreebl3-3.69.1-1.2 libfreebl3-32bit-3.69.1-1.2 libfreebl3-hmac-3.69.1-1.2 libfreebl3-hmac-32bit-3.69.1-1.2 libsoftokn3-3.69.1-1.2 libsoftokn3-32bit-3.69.1-1.2 libsoftokn3-hmac-3.69.1-1.2 libsoftokn3-hmac-32bit-3.69.1-1.2 mozilla-nss-3.69.1-1.2 mozilla-nss-32bit-3.69.1-1.2 mozilla-nss-certs-3.69.1-1.2 mozilla-nss-certs-32bit-3.69.1-1.2 mozilla-nss-devel-3.69.1-1.2 mozilla-nss-sysinit-3.69.1-1.2 mozilla-nss-sysinit-32bit-3.69.1-1.2 mozilla-nss-tools-3.69.1-1.2 libfreebl3-3.69.1-1.2 as a component of openSUSE Tumbleweed libfreebl3-32bit-3.69.1-1.2 as a component of openSUSE Tumbleweed libfreebl3-hmac-3.69.1-1.2 as a component of openSUSE Tumbleweed libfreebl3-hmac-32bit-3.69.1-1.2 as a component of openSUSE Tumbleweed libsoftokn3-3.69.1-1.2 as a component of openSUSE Tumbleweed libsoftokn3-32bit-3.69.1-1.2 as a component of openSUSE Tumbleweed libsoftokn3-hmac-3.69.1-1.2 as a component of openSUSE Tumbleweed libsoftokn3-hmac-32bit-3.69.1-1.2 as a component of openSUSE Tumbleweed mozilla-nss-3.69.1-1.2 as a component of openSUSE Tumbleweed mozilla-nss-32bit-3.69.1-1.2 as a component of openSUSE Tumbleweed mozilla-nss-certs-3.69.1-1.2 as a component of openSUSE Tumbleweed mozilla-nss-certs-32bit-3.69.1-1.2 as a component of openSUSE Tumbleweed mozilla-nss-devel-3.69.1-1.2 as a component of openSUSE Tumbleweed mozilla-nss-sysinit-3.69.1-1.2 as a component of openSUSE Tumbleweed mozilla-nss-sysinit-32bit-3.69.1-1.2 as a component of openSUSE Tumbleweed mozilla-nss-tools-3.69.1-1.2 as a component of openSUSE Tumbleweed Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. CVE-2018-0495 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-0495.html CVE-2018-0495 https://bugzilla.suse.com/1097410 SUSE Bug 1097410 https://bugzilla.suse.com/1121207 SUSE Bug 1121207 When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. CVE-2018-12384 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12384.html CVE-2018-12384 https://bugzilla.suse.com/1106873 SUSE Bug 1106873 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 https://bugzilla.suse.com/1121207 SUSE Bug 1121207 A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. CVE-2018-12404 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12404.html CVE-2018-12404 https://bugzilla.suse.com/1119069 SUSE Bug 1119069 https://bugzilla.suse.com/1119105 SUSE Bug 1119105 https://bugzilla.suse.com/1121207 SUSE Bug 1121207 When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. CVE-2019-11719 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11719.html CVE-2019-11719 https://bugzilla.suse.com/1140868 SUSE Bug 1140868 A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. CVE-2019-11727 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11727.html CVE-2019-11727 https://bugzilla.suse.com/1140868 SUSE Bug 1140868 https://bugzilla.suse.com/1141322 SUSE Bug 1141322 Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. CVE-2019-11729 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11729.html CVE-2019-11729 https://bugzilla.suse.com/1140868 SUSE Bug 1140868 When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. CVE-2019-11745 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-11745.html CVE-2019-11745 https://bugzilla.suse.com/1158328 SUSE Bug 1158328 https://bugzilla.suse.com/1158527 SUSE Bug 1158527 In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. CVE-2019-17006 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-17006.html CVE-2019-17006 https://bugzilla.suse.com/1159819 SUSE Bug 1159819 NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. CVE-2020-12399 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 moderate 1.2 AV:L/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12399.html CVE-2020-12399 https://bugzilla.suse.com/1171978 SUSE Bug 1171978 https://bugzilla.suse.com/1172402 SUSE Bug 1172402 During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. CVE-2020-12401 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 critical 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12401.html CVE-2020-12401 https://bugzilla.suse.com/1174763 SUSE Bug 1174763 https://bugzilla.suse.com/1175686 SUSE Bug 1175686 During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. CVE-2020-12402 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 moderate 1.2 AV:L/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12402.html CVE-2020-12402 https://bugzilla.suse.com/1173032 SUSE Bug 1173032 https://bugzilla.suse.com/1173576 SUSE Bug 1173576 https://bugzilla.suse.com/1174230 SUSE Bug 1174230 A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. CVE-2020-12403 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 critical 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12403.html CVE-2020-12403 https://bugzilla.suse.com/1174763 SUSE Bug 1174763 A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. CVE-2020-25648 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-25648.html CVE-2020-25648 https://bugzilla.suse.com/1177917 SUSE Bug 1177917 When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. CVE-2020-6829 openSUSE Tumbleweed:libfreebl3-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libfreebl3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-32bit-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-3.69.1-1.2 openSUSE Tumbleweed:libsoftokn3-hmac-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-certs-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-devel-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-sysinit-32bit-3.69.1-1.2 openSUSE Tumbleweed:mozilla-nss-tools-3.69.1-1.2 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-6829.html CVE-2020-6829 https://bugzilla.suse.com/1174763 SUSE Bug 1174763 https://bugzilla.suse.com/1175686 SUSE Bug 1175686