[El-errata] ELSA-2021-0538 Moderate: Oracle Linux 8 nss security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Feb 18 08:49:22 PST 2021


Oracle Linux Security Advisory ELSA-2021-0538

http://linux.oracle.com/errata/ELSA-2021-0538.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nss-3.53.1-17.el8_3.i686.rpm
nss-3.53.1-17.el8_3.x86_64.rpm
nss-devel-3.53.1-17.el8_3.i686.rpm
nss-devel-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-3.53.1-17.el8_3.i686.rpm
nss-softokn-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-devel-3.53.1-17.el8_3.i686.rpm
nss-softokn-devel-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-freebl-3.53.1-17.el8_3.i686.rpm
nss-softokn-freebl-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.i686.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.x86_64.rpm
nss-sysinit-3.53.1-17.el8_3.x86_64.rpm
nss-tools-3.53.1-17.el8_3.x86_64.rpm
nss-util-3.53.1-17.el8_3.i686.rpm
nss-util-3.53.1-17.el8_3.x86_64.rpm
nss-util-devel-3.53.1-17.el8_3.i686.rpm
nss-util-devel-3.53.1-17.el8_3.x86_64.rpm

aarch64:
nss-3.53.1-17.el8_3.aarch64.rpm
nss-devel-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-devel-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-freebl-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.aarch64.rpm
nss-sysinit-3.53.1-17.el8_3.aarch64.rpm
nss-tools-3.53.1-17.el8_3.aarch64.rpm
nss-util-3.53.1-17.el8_3.aarch64.rpm
nss-util-devel-3.53.1-17.el8_3.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nss-3.53.1-17.el8_3.src.rpm



Description of changes:

[3.53.1-17]
- Fix various corner cases with ike v1 app b support.

[3.53.1-16]
- Fix the following CVE
- CVE-2020-12403 chacha-poly issues
- CVE-2020-12400 constant time ECC.
- CVE-2020-6829  constant time ECC.

[3.53.1-15]
- Revert some policy changes the generate ABI runtime issues.

[3.53.1-14]
- Add support for enable/disable in policy. Now if your policy
  file has disallow=x enable=y it will act just like our other
  libraries.

[3.53.1-13]
- Add OAEP interface so applications can wrap keys with RSA-OAEP
  rather than RSA-PKCS-1.

[3.53.1-12]
- fips need to reject small primes even if they are approved
- code to autodetect whether or not to use the cache needs to do so
  in a way that doesn't mess with filesystem negative file caching.
- add kdf selftests




More information about the El-errata mailing list