Recommended update for mozilla-nss SUSE Patch security@suse.de SUSE Security Team SUSE-RU-2024:2564-1 Final 1 1 2024-07-19T11:16:01Z current 2024-07-19T11:16:01Z 2024-07-19T11:16:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for mozilla-nss This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string<uint8_t> * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-Azure-BYOS-2024-2564,Image SLES12-SP5-Azure-Basic-On-Demand-2024-2564,Image SLES12-SP5-Azure-HPC-BYOS-2024-2564,Image SLES12-SP5-Azure-HPC-On-Demand-2024-2564,Image SLES12-SP5-Azure-SAP-BYOS-2024-2564,Image SLES12-SP5-Azure-SAP-On-Demand-2024-2564,Image SLES12-SP5-Azure-Standard-On-Demand-2024-2564,Image SLES12-SP5-EC2-BYOS-2024-2564,Image SLES12-SP5-EC2-ECS-On-Demand-2024-2564,Image SLES12-SP5-EC2-On-Demand-2024-2564,Image SLES12-SP5-EC2-SAP-BYOS-2024-2564,Image SLES12-SP5-EC2-SAP-On-Demand-2024-2564,Image SLES12-SP5-GCE-BYOS-2024-2564,Image SLES12-SP5-GCE-On-Demand-2024-2564,Image SLES12-SP5-GCE-SAP-BYOS-2024-2564,Image SLES12-SP5-GCE-SAP-On-Demand-2024-2564,Image SLES12-SP5-SAP-Azure-LI-BYOS-Production-2024-2564,Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production-2024-2564,SUSE-2024-2564,SUSE-SLE-SDK-12-SP5-2024-2564,SUSE-SLE-SERVER-12-SP5-2024-2564 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/-2024-2564/suse-ru-20242564-1/ Link for SUSE-RU-2024:2564-1 https://lists.suse.com/pipermail/sle-updates/2024-July/036070.html E-Mail link for SUSE-RU-2024:2564-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1214980 SUSE Bug 1214980 https://bugzilla.suse.com/1222804 SUSE Bug 1222804 https://bugzilla.suse.com/1222807 SUSE Bug 1222807 https://bugzilla.suse.com/1222811 SUSE Bug 1222811 https://bugzilla.suse.com/1222813 SUSE Bug 1222813 https://bugzilla.suse.com/1222814 SUSE Bug 1222814 https://bugzilla.suse.com/1222821 SUSE Bug 1222821 https://bugzilla.suse.com/1222822 SUSE Bug 1222822 https://bugzilla.suse.com/1222826 SUSE Bug 1222826 https://bugzilla.suse.com/1222828 SUSE Bug 1222828 https://bugzilla.suse.com/1222830 SUSE Bug 1222830 https://bugzilla.suse.com/1222833 SUSE Bug 1222833 https://bugzilla.suse.com/1222834 SUSE Bug 1222834 https://bugzilla.suse.com/1223724 SUSE Bug 1223724 https://bugzilla.suse.com/1224113 SUSE Bug 1224113 https://bugzilla.suse.com/1224115 SUSE Bug 1224115 https://bugzilla.suse.com/1224116 SUSE Bug 1224116 https://bugzilla.suse.com/1224118 SUSE Bug 1224118 https://www.suse.com/security/cve/CVE-2023-5388/ SUSE CVE CVE-2023-5388 page Image SLES12-SP5-Azure-BYOS Image SLES12-SP5-Azure-Basic-On-Demand Image SLES12-SP5-Azure-HPC-BYOS Image SLES12-SP5-Azure-HPC-On-Demand Image SLES12-SP5-Azure-SAP-BYOS Image SLES12-SP5-Azure-SAP-On-Demand Image SLES12-SP5-Azure-Standard-On-Demand Image SLES12-SP5-EC2-BYOS Image SLES12-SP5-EC2-ECS-On-Demand Image SLES12-SP5-EC2-On-Demand Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand Image SLES12-SP5-GCE-BYOS Image SLES12-SP5-GCE-On-Demand Image SLES12-SP5-GCE-SAP-BYOS Image SLES12-SP5-GCE-SAP-On-Demand Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 mozilla-nss-certs-3.101.1-58.118.1 libfreebl3-3.101.1-58.118.1 libsoftokn3-3.101.1-58.118.1 mozilla-nss-3.101.1-58.118.1 libfreebl3-32bit-3.101.1-58.118.1 libfreebl3-64bit-3.101.1-58.118.1 libsoftokn3-32bit-3.101.1-58.118.1 libsoftokn3-64bit-3.101.1-58.118.1 mozilla-nss-32bit-3.101.1-58.118.1 mozilla-nss-64bit-3.101.1-58.118.1 mozilla-nss-certs-32bit-3.101.1-58.118.1 mozilla-nss-certs-64bit-3.101.1-58.118.1 mozilla-nss-devel-3.101.1-58.118.1 mozilla-nss-sysinit-3.101.1-58.118.1 mozilla-nss-sysinit-32bit-3.101.1-58.118.1 mozilla-nss-sysinit-64bit-3.101.1-58.118.1 mozilla-nss-tools-3.101.1-58.118.1 mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-BYOS mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-Basic-On-Demand mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-HPC-BYOS mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-HPC-On-Demand libfreebl3-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS libsoftokn3-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS mozilla-nss-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-SAP-BYOS libfreebl3-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand libsoftokn3-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand mozilla-nss-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-SAP-On-Demand mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-Azure-Standard-On-Demand mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-BYOS mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-ECS-On-Demand mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-On-Demand libfreebl3-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS libsoftokn3-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS mozilla-nss-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS libfreebl3-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libsoftokn3-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand mozilla-nss-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-BYOS mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-On-Demand libfreebl3-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS libsoftokn3-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS mozilla-nss-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-SAP-BYOS libfreebl3-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand libsoftokn3-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand mozilla-nss-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-GCE-SAP-On-Demand libfreebl3-3.101.1-58.118.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libsoftokn3-3.101.1-58.118.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production mozilla-nss-3.101.1-58.118.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-SAP-Azure-LI-BYOS-Production libfreebl3-3.101.1-58.118.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libsoftokn3-3.101.1-58.118.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production mozilla-nss-3.101.1-58.118.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production mozilla-nss-certs-3.101.1-58.118.1 as a component of Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production libfreebl3-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 libfreebl3-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsoftokn3-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 libsoftokn3-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 mozilla-nss-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 mozilla-nss-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 mozilla-nss-certs-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 mozilla-nss-certs-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 mozilla-nss-devel-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 mozilla-nss-sysinit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 mozilla-nss-sysinit-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 mozilla-nss-tools-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server 12 SP5 libfreebl3-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libfreebl3-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsoftokn3-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libsoftokn3-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-certs-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-certs-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-devel-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-sysinit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-sysinit-32bit-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-tools-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 mozilla-nss-devel-3.101.1-58.118.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. CVE-2023-5388 Image SLES12-SP5-Azure-BYOS:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-Azure-Basic-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-Azure-HPC-BYOS:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-Azure-HPC-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-Azure-SAP-BYOS:libfreebl3-3.101.1-58.118.1 Image SLES12-SP5-Azure-SAP-BYOS:libsoftokn3-3.101.1-58.118.1 Image SLES12-SP5-Azure-SAP-BYOS:mozilla-nss-3.101.1-58.118.1 Image SLES12-SP5-Azure-SAP-BYOS:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-Azure-SAP-On-Demand:libfreebl3-3.101.1-58.118.1 Image SLES12-SP5-Azure-SAP-On-Demand:libsoftokn3-3.101.1-58.118.1 Image SLES12-SP5-Azure-SAP-On-Demand:mozilla-nss-3.101.1-58.118.1 Image SLES12-SP5-Azure-SAP-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-Azure-Standard-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-EC2-BYOS:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-EC2-ECS-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-EC2-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-EC2-SAP-BYOS:libfreebl3-3.101.1-58.118.1 Image SLES12-SP5-EC2-SAP-BYOS:libsoftokn3-3.101.1-58.118.1 Image SLES12-SP5-EC2-SAP-BYOS:mozilla-nss-3.101.1-58.118.1 Image SLES12-SP5-EC2-SAP-BYOS:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-EC2-SAP-On-Demand:libfreebl3-3.101.1-58.118.1 Image SLES12-SP5-EC2-SAP-On-Demand:libsoftokn3-3.101.1-58.118.1 Image SLES12-SP5-EC2-SAP-On-Demand:mozilla-nss-3.101.1-58.118.1 Image SLES12-SP5-EC2-SAP-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-GCE-BYOS:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-GCE-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-GCE-SAP-BYOS:libfreebl3-3.101.1-58.118.1 Image SLES12-SP5-GCE-SAP-BYOS:libsoftokn3-3.101.1-58.118.1 Image SLES12-SP5-GCE-SAP-BYOS:mozilla-nss-3.101.1-58.118.1 Image SLES12-SP5-GCE-SAP-BYOS:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-GCE-SAP-On-Demand:libfreebl3-3.101.1-58.118.1 Image SLES12-SP5-GCE-SAP-On-Demand:libsoftokn3-3.101.1-58.118.1 Image SLES12-SP5-GCE-SAP-On-Demand:mozilla-nss-3.101.1-58.118.1 Image SLES12-SP5-GCE-SAP-On-Demand:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libfreebl3-3.101.1-58.118.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:libsoftokn3-3.101.1-58.118.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:mozilla-nss-3.101.1-58.118.1 Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:mozilla-nss-certs-3.101.1-58.118.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libfreebl3-3.101.1-58.118.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:libsoftokn3-3.101.1-58.118.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:mozilla-nss-3.101.1-58.118.1 Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:mozilla-nss-certs-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:libfreebl3-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:libfreebl3-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:libsoftokn3-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:libsoftokn3-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:mozilla-nss-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:mozilla-nss-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:mozilla-nss-certs-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:mozilla-nss-certs-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:mozilla-nss-devel-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:mozilla-nss-sysinit-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:mozilla-nss-sysinit-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server 12 SP5:mozilla-nss-tools-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libfreebl3-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libfreebl3-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsoftokn3-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libsoftokn3-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mozilla-nss-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mozilla-nss-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mozilla-nss-certs-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mozilla-nss-certs-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mozilla-nss-devel-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mozilla-nss-sysinit-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mozilla-nss-sysinit-32bit-3.101.1-58.118.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:mozilla-nss-tools-3.101.1-58.118.1 SUSE Linux Enterprise Software Development Kit 12 SP5:mozilla-nss-devel-3.101.1-58.118.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2024-2564/suse-ru-20242564-1/ https://www.suse.com/security/cve/CVE-2023-5388.html CVE-2023-5388 https://bugzilla.suse.com/1216198 SUSE Bug 1216198 https://bugzilla.suse.com/1221327 SUSE Bug 1221327