[El-errata] ELSA-2020-4076 Moderate: Oracle Linux 7 nss and nspr security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Oct 8 20:20:41 PDT 2020


Oracle Linux Security Advisory ELSA-2020-4076

http://linux.oracle.com/errata/ELSA-2020-4076.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
nspr-4.25.0-2.el7_9.i686.rpm
nspr-4.25.0-2.el7_9.x86_64.rpm
nspr-devel-4.25.0-2.el7_9.i686.rpm
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
nss-3.53.1-3.el7_9.i686.rpm
nss-3.53.1-3.el7_9.x86_64.rpm
nss-devel-3.53.1-3.el7_9.i686.rpm
nss-devel-3.53.1-3.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm
nss-softokn-3.53.1-6.0.1.el7_9.i686.rpm
nss-softokn-3.53.1-6.0.1.el7_9.x86_64.rpm
nss-softokn-devel-3.53.1-6.0.1.el7_9.i686.rpm
nss-softokn-devel-3.53.1-6.0.1.el7_9.x86_64.rpm
nss-softokn-freebl-3.53.1-6.0.1.el7_9.i686.rpm
nss-softokn-freebl-3.53.1-6.0.1.el7_9.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-6.0.1.el7_9.i686.rpm
nss-softokn-freebl-devel-3.53.1-6.0.1.el7_9.x86_64.rpm
nss-sysinit-3.53.1-3.el7_9.x86_64.rpm
nss-tools-3.53.1-3.el7_9.x86_64.rpm
nss-util-3.53.1-1.el7_9.i686.rpm
nss-util-3.53.1-1.el7_9.x86_64.rpm
nss-util-devel-3.53.1-1.el7_9.i686.rpm
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/nspr-4.25.0-2.el7_9.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-3.53.1-3.el7_9.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-softokn-3.53.1-6.0.1.el7_9.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-util-3.53.1-1.el7_9.src.rpm



Description of changes:

nspr
[4.25.0-2]
- Rebuild to fix wrong dist tag

[4.25.0-1]
- Rebase to NSPR 4.25

nss
[3.53.1-3]
- Disable dh timing test because it's unreliable on s390 (from Bob Relyea)
- Explicitly enable upgradedb/sharedb test cycles

[3.53.1-2]
- Disable TLS 1.3 by default

[3.53.1-1]
- Rebase to NSS 3.53.1

[3.44.0-8]
- Increase timeout on ssl_gtest so that slow platforms can complete when
running on a busy system.

nss-softokn
[3.53.1-6.0.1]
- Add fips140-2 DSA Known Answer Test fix [Orabug: 26679337]
- Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug: 
26617814],
[Orabug: 26617879], [Orabug: 26617849]

[3.53.1-6]
- turn of ALTIVEC instruction for powerpc because they require
power8 and we need to support power7 on RHEL7 still.
- Fix typo in measure.
- Make sure only 2048 and greater primes are used in FIPS mode
for dh.

[3.53.1-5]
- Fix the patch application in the previous change

[3.53.1-4]
- Fix glibc regression in the rebase; run RNG self-tests only if NSPR is 
linked

[3.53.1-3]
- include patches for CVE-2020-6829, CVE-2020-12400,
and CVE-2020-12401 from upstream (ECC constant time issues).
- include patches for CVE-2020-12403 from upstream
(CHACHA issues).
- include self-tests for kdfs and cmac.

[3.53.1-2]
- Install cmac.h required by blapi.h (#1764513)

[3.53.1-1]
- Rebase to NSS 3.53.1

nss-util
[3.53.1-1]
- Rebase to NSS 3.53.1





More information about the El-errata mailing list