[El-errata] ELSA-2021-0538 Moderate: Oracle Linux 8 nss security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Feb 18 08:49:22 PST 2021
Oracle Linux Security Advisory ELSA-2021-0538
http://linux.oracle.com/errata/ELSA-2021-0538.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
nss-3.53.1-17.el8_3.i686.rpm
nss-3.53.1-17.el8_3.x86_64.rpm
nss-devel-3.53.1-17.el8_3.i686.rpm
nss-devel-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-3.53.1-17.el8_3.i686.rpm
nss-softokn-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-devel-3.53.1-17.el8_3.i686.rpm
nss-softokn-devel-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-freebl-3.53.1-17.el8_3.i686.rpm
nss-softokn-freebl-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.i686.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.x86_64.rpm
nss-sysinit-3.53.1-17.el8_3.x86_64.rpm
nss-tools-3.53.1-17.el8_3.x86_64.rpm
nss-util-3.53.1-17.el8_3.i686.rpm
nss-util-3.53.1-17.el8_3.x86_64.rpm
nss-util-devel-3.53.1-17.el8_3.i686.rpm
nss-util-devel-3.53.1-17.el8_3.x86_64.rpm
aarch64:
nss-3.53.1-17.el8_3.aarch64.rpm
nss-devel-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-devel-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-freebl-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.aarch64.rpm
nss-sysinit-3.53.1-17.el8_3.aarch64.rpm
nss-tools-3.53.1-17.el8_3.aarch64.rpm
nss-util-3.53.1-17.el8_3.aarch64.rpm
nss-util-devel-3.53.1-17.el8_3.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nss-3.53.1-17.el8_3.src.rpm
Description of changes:
[3.53.1-17]
- Fix various corner cases with ike v1 app b support.
[3.53.1-16]
- Fix the following CVE
- CVE-2020-12403 chacha-poly issues
- CVE-2020-12400 constant time ECC.
- CVE-2020-6829 constant time ECC.
[3.53.1-15]
- Revert some policy changes the generate ABI runtime issues.
[3.53.1-14]
- Add support for enable/disable in policy. Now if your policy
file has disallow=x enable=y it will act just like our other
libraries.
[3.53.1-13]
- Add OAEP interface so applications can wrap keys with RSA-OAEP
rather than RSA-PKCS-1.
[3.53.1-12]
- fips need to reject small primes even if they are approved
- code to autodetect whether or not to use the cache needs to do so
in a way that doesn't mess with filesystem negative file caching.
- add kdf selftests
More information about the El-errata
mailing list