Recommended update for mozilla-nspr, mozilla-nss

Announcement ID: SUSE-RU-2019:2025-2
Rating: moderate
References:
Affected Products:
  • SUSE Enterprise Storage 5
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that has one fix can now be installed.

Description:

This update for mozilla-nspr, mozilla-nss fixes the following issues:

mozilla-nss was updated to NSS 3.45 (bsc#1141322):

  • New function in pk11pub.h: PK11_FindRawCertsWithSubject
  • The following CA certificates were Removed: CN = Certinomis - Root CA (bmo#1552374)
  • Implement Delegated Credentials (draft-ietf-tls-subcerts) (bmo#1540403) This adds a new experimental function SSL_DelegateCredential Note: In 3.45, selfserv does not yet support delegated credentials (See bmo#1548360). Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated credential for better policy enforcement (See bmo#1563078).
  • Replace ARM32 Curve25519 implementation with one from fiat-crypto (bmo#1550579)
  • Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot (bmo#1552262)
  • Add IPSEC IKE support to softoken (bmo#1546229)
  • Add support for the Elbrus lcc compiler (<=1.23) (bmo#1554616)
  • Expose an external clock for SSL (bmo#1543874) This adds new experimental functions: SSL_SetTimeFunc, SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and SSL_ReleaseAntiReplayContext. The experimental function SSL_InitAntiReplay is removed.
  • Various changes in response to the ongoing FIPS review (bmo#1546477) Note: The source package size has increased substantially due to the new FIPS test vectors. This will likely prompt follow-on work, but please accept our apologies in the meantime.

mozilla-nspr was updated to version 4.21:

  • Changed prbit.h to use builtin function on aarch64.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-ESPOS-2019-2025=1
  • SUSE Enterprise Storage 5
    zypper in -t patch SUSE-Storage-5-2019-2025=1

Package List:

  • SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (aarch64 x86_64)
    • libsoftokn3-hmac-3.45-58.31.1
    • mozilla-nss-certs-3.45-58.31.1
    • mozilla-nss-devel-3.45-58.31.1
    • mozilla-nss-sysinit-debuginfo-3.45-58.31.1
    • mozilla-nss-debugsource-3.45-58.31.1
    • libfreebl3-hmac-3.45-58.31.1
    • mozilla-nss-tools-3.45-58.31.1
    • mozilla-nss-certs-debuginfo-3.45-58.31.1
    • mozilla-nspr-debugsource-4.21-19.9.1
    • libfreebl3-debuginfo-3.45-58.31.1
    • mozilla-nspr-debuginfo-4.21-19.9.1
    • mozilla-nspr-devel-4.21-19.9.1
    • mozilla-nss-3.45-58.31.1
    • mozilla-nspr-4.21-19.9.1
    • mozilla-nss-debuginfo-3.45-58.31.1
    • mozilla-nss-sysinit-3.45-58.31.1
    • libfreebl3-3.45-58.31.1
    • libsoftokn3-3.45-58.31.1
    • mozilla-nss-tools-debuginfo-3.45-58.31.1
    • libsoftokn3-debuginfo-3.45-58.31.1
  • SUSE Linux Enterprise Server 12 SP3 ESPOS 12-SP3 (x86_64)
    • libfreebl3-32bit-3.45-58.31.1
    • libfreebl3-debuginfo-32bit-3.45-58.31.1
    • mozilla-nss-sysinit-32bit-3.45-58.31.1
    • mozilla-nss-certs-32bit-3.45-58.31.1
    • mozilla-nss-debuginfo-32bit-3.45-58.31.1
    • libsoftokn3-hmac-32bit-3.45-58.31.1
    • mozilla-nspr-32bit-4.21-19.9.1
    • libsoftokn3-debuginfo-32bit-3.45-58.31.1
    • libsoftokn3-32bit-3.45-58.31.1
    • mozilla-nspr-debuginfo-32bit-4.21-19.9.1
    • mozilla-nss-certs-debuginfo-32bit-3.45-58.31.1
    • mozilla-nss-sysinit-debuginfo-32bit-3.45-58.31.1
    • mozilla-nss-32bit-3.45-58.31.1
    • libfreebl3-hmac-32bit-3.45-58.31.1
  • SUSE Enterprise Storage 5 (aarch64)
    • libsoftokn3-hmac-3.45-58.31.1
    • mozilla-nss-certs-3.45-58.31.1
    • mozilla-nss-devel-3.45-58.31.1
    • mozilla-nss-sysinit-debuginfo-3.45-58.31.1
    • mozilla-nss-debugsource-3.45-58.31.1
    • libfreebl3-hmac-3.45-58.31.1
    • mozilla-nss-tools-3.45-58.31.1
    • mozilla-nss-certs-debuginfo-3.45-58.31.1
    • mozilla-nspr-debugsource-4.21-19.9.1
    • libfreebl3-debuginfo-3.45-58.31.1
    • mozilla-nspr-debuginfo-4.21-19.9.1
    • mozilla-nspr-devel-4.21-19.9.1
    • mozilla-nss-3.45-58.31.1
    • mozilla-nspr-4.21-19.9.1
    • mozilla-nss-debuginfo-3.45-58.31.1
    • mozilla-nss-sysinit-3.45-58.31.1
    • libfreebl3-3.45-58.31.1
    • libsoftokn3-3.45-58.31.1
    • mozilla-nss-tools-debuginfo-3.45-58.31.1
    • libsoftokn3-debuginfo-3.45-58.31.1

References: