File _patchinfo of Package patchinfo.4602

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.4602

<patchinfo incident="4602">
  <issue id="1026102" tracker="bnc">java-1_8_0-openjdk ECC crytpo is broken *again* since last mozilla-nss update in Tumblweed</issue>
  <issue id="1015547" tracker="bnc">VUL-0: CVE-2016-8635: mozilla-nss: small-subgroups attack flaw</issue>
  <issue id="1021636" tracker="bnc">firefox-esr 45.6.0 and 45.7.0 fail to show https://www.google.com and other sites</issue>
  <issue id="1030071" tracker="bnc">VUL-1: mozilla-nss: hash truncation due to use of logical instead of arithmetical or expression</issue>
  <issue id="1035082" tracker="bnc">VUL-0: MozillaFirefox 53 / 45.9 release</issue>
  <issue id="983639" tracker="bnc">VUL-0: CVE-2016-2834: mozilla-nss: Memory safety bugs fixed in NSS 3.23 (MFSA 2016-61)</issue>
  <issue id="1015499" tracker="bnc">VUL-0: CVE-2016-9574: mozilla-nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA</issue>
  <issue id="2016-9574" tracker="cve" />
  <issue id="2016-1950" tracker="cve" />
  <issue id="2016-2834" tracker="cve" />
  <issue id="2016-8635" tracker="cve" />
  <issue id="2017-5429" tracker="cve" />
  <issue id="2017-5432" tracker="cve" />
  <issue id="2017-5433" tracker="cve" />
  <issue id="2017-5434" tracker="cve" />
  <issue id="2017-5435" tracker="cve" />
  <issue id="2017-5436" tracker="cve" />
  <issue id="2017-5437" tracker="cve" />
  <issue id="2017-5438" tracker="cve" />
  <issue id="2017-5439" tracker="cve" />
  <issue id="2017-5440" tracker="cve" />
  <issue id="2017-5441" tracker="cve" />
  <issue id="2017-5442" tracker="cve" />
  <issue id="2017-5443" tracker="cve" />
  <issue id="2017-5444" tracker="cve" />
  <issue id="2017-5445" tracker="cve" />
  <issue id="2017-5446" tracker="cve" />
  <issue id="2017-5447" tracker="cve" />
  <issue id="2017-5448" tracker="cve" />
  <issue id="2017-5459" tracker="cve" />
  <issue id="2017-5460" tracker="cve" />
  <issue id="2017-5461" tracker="cve" />
  <issue id="2017-5462" tracker="cve" />
  <issue id="2017-5464" tracker="cve" />
  <issue id="2017-5465" tracker="cve" />
  <issue id="2017-5469" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>
Mozilla Firefox was updated to the Firefox ESR release 45.9.

Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new 
ciphers, PRFs, Diffie Hellman key agreement and support for more hashes.

Security issues fixed in Firefox (bsc#1035082)

- MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code
- MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
- MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
- MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
- MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library
- MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
- MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor
- MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling
- MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions
- MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection
- MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
- MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel
- MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection
- MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
- MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
- MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing
- MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
- MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
- MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes
- MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding
- MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
- MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events
- MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL

Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs:

- Update to NSS 3.29.5:
  * MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed.
  * MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed.
  * CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499).
  * requires NSPR >= 4.13.1

- Update to NSS 3.29.3

* enables TLS 1.3 by default

- Fixed a bug in hash computation (and build with
  GCC 7 which complains about shifts of boolean values).
  (bsc#1030071, bmo#1348767)

- Update to NSS 3.28.3

This is a patch release to fix binary compatibility issues.

- Update to NSS 3.28.1

This is a patch release to update the list of root CA certificates.

* The following CA certificates were Removed

CN = Buypass Class 2 CA 1
    CN = Root CA Generalitat Valenciana
    OU = RSA Security 2048 V3

* The following CA certificates were Added

OU = AC RAIZ FNMT-RCM
    CN = Amazon Root CA 1
    CN = Amazon Root CA 2
    CN = Amazon Root CA 3
    CN = Amazon Root CA 4
    CN = LuxTrust Global Root 2
    CN = Symantec Class 1 Public Primary Certification Authority - G4
    CN = Symantec Class 1 Public Primary Certification Authority - G6
    CN = Symantec Class 2 Public Primary Certification Authority - G4
    CN = Symantec Class 2 Public Primary Certification Authority - G6

* The version number of the updated root CA list has been set to 2.11

- Update to NSS 3.28

New functionality:

* NSS includes support for TLS 1.3 draft -18. This includes a number
    of improvements to TLS 1.3:

- The signed certificate timestamp, used in certificate
      transparency, is supported in TLS 1.3.
    - Key exporters for TLS 1.3 are supported. This includes the early
      key exporter, which can be used if 0-RTT is enabled. Note that
      there is a difference between TLS 1.3 and key exporters in older
      versions of TLS. TLS 1.3 does not distinguish between an empty
      context and no context.
    - The TLS 1.3 (draft) protocol can be enabled, by defining
      NSS_ENABLE_TLS_1_3=1 when building NSS.
    - NSS includes support for the X25519 key exchange algorithm,
      which is supported and enabled by default in all versions of TLS.

Notable Changes:

* NSS can no longer be compiled with support for additional elliptic curves.
    This was previously possible by replacing certain NSS source files.
  * NSS will now detect the presence of tokens that support additional
    elliptic curves and enable those curves for use in TLS.
    Note that this detection has a one-off performance cost, which can be
    avoided by using the SSL_NamedGroupConfig function to limit supported
    groups to those that NSS provides.
  * PKCS#11 bypass for TLS is no longer supported and has been removed.
  * Support for "export" grade SSL/TLS cipher suites has been removed.
  * NSS now uses the signature schemes definition in TLS 1.3.
    This also affects TLS 1.2. NSS will now only generate signatures with the
    combinations of hash and signature scheme that are defined in TLS 1.3,
    even when negotiating TLS 1.2.

- This means that SHA-256 will only be used with P-256 ECDSA certificates,
      SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates.
      SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward
      compatibility reasons.
    - NSS will now no longer assume that default signature schemes are
      supported by a peer if there was no commonly supported signature scheme.

* NSS will now check if RSA-PSS signing is supported by the token that holds
    the private key prior to using it for TLS.
  * The certificate validation code contains checks to no longer trust
    certificates that are issued by old WoSign and StartCom CAs after
    October 21, 2016. This is equivalent to the behavior that Mozilla will
    release with Firefox 51.

- Update to NSS 3.27.2
  * Fixed SSL_SetTrustAnchors leaks (bmo#1318561)

- raised the minimum softokn/freebl version to 3.28 as reported in (boo#1021636)

- Update to NSS 3.26.2

New Functionality:

* the selfserv test utility has been enhanced to support ALPN
    (HTTP/1.1) and 0-RTT
  * added support for the System-wide crypto policy available on
    Fedora Linux see http://fedoraproject.org/wiki/Changes/CryptoPolicy
  * introduced build flag NSS_DISABLE_LIBPKIX that allows compilation
    of NSS without the libpkix library

Notable Changes:

* The following CA certificate was Added
    CN = ISRG Root X1
  * NPN is disabled and ALPN is enabled by default
  * the NSS test suite now completes with the experimental TLS 1.3
    code enabled
  * several test improvements and additions, including a NIST known answer test

Changes in 3.26.2
  * MD5 signature algorithms sent by the server in CertificateRequest
    messages are now properly ignored. Previously, with rare server
    configurations, an MD5 signature algorithm might have been selected
    for client authentication and caused the client to abort the
    connection soon after.

- Update to NSS 3.25

New functionality:

* Implemented DHE key agreement for TLS 1.3
  * Added support for ChaCha with TLS 1.3
  * Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
  * In previous versions, when using client authentication with TLS 1.2,
    NSS only supported certificate_verify messages that used the same
    signature hash algorithm as used by the PRF. This limitation has
    been removed.

Notable changes:

* An SSL socket can no longer be configured to allow both TLS 1.3 and SSLv3
  * Regression fix: NSS no longer reports a failure if an application
    attempts to disable the SSLv2 protocol.
  * The list of trusted CA certificates has been updated to version 2.8
  * The following CA certificate was Removed
    Sonera Class1 CA
  * The following CA certificates were Added
    Hellenic Academic and Research Institutions RootCA 2015
    Hellenic Academic and Research Institutions ECC RootCA 2015
    Certplus Root CA G1
    Certplus Root CA G2
    OpenTrust Root CA G1
    OpenTrust Root CA G2
    OpenTrust Root CA G3

- Update to NSS 3.24

New functionality:

* NSS softoken has been updated with the latest National Institute
    of Standards and Technology (NIST) guidance (as of 2015):
    - Software integrity checks and POST functions are executed on
      shared library load. These checks have been disabled by default,
      as they can cause a performance regression. To enable these
      checks, you must define symbol NSS_FORCE_FIPS when building NSS.
    - Counter mode and Galois/Counter Mode (GCM) have checks to
      prevent counter overflow.
    - Additional CSPs are zeroed in the code.
    - NSS softoken uses new guidance for how many Rabin-Miller tests
      are needed to verify a prime based on prime size.
  * NSS softoken has also been updated to allow NSS to run in FIPS
    Level 1 (no password). This mode is triggered by setting the
    database password to the empty string. In FIPS mode, you may move
    from Level 1 to Level 2 (by setting an appropriate password),
    but not the reverse.
  * A SSL_ConfigServerCert function has been added for configuring
    SSL/TLS server sockets with a certificate and private key. Use
    this new function in place of SSL_ConfigSecureServer,
    SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses,
    and SSL_SetSignedCertTimestamps. SSL_ConfigServerCert automatically
    determines the certificate type from the certificate and private key.
    The caller is no longer required to use SSLKEAType explicitly to
    select a "slot" into which the certificate is configured (which
    incorrectly identifies a key agreement type rather than a certificate).
    Separate functions for configuring Online Certificate Status Protocol
    (OCSP) responses or Signed Certificate Timestamps are not needed,
    since these can be added to the optional SSLExtraServerCertData struct
    provided to SSL_ConfigServerCert.  Also, partial support for RSA
    Probabilistic Signature Scheme (RSA-PSS) certificates has been added.
    Although these certificates can be configured, they will not be
    used by NSS in this version.
  * Deprecate the member attribute authAlgorithm of type SSLCipherSuiteInfo.
    Instead, applications should use the newly added attribute authType.
  * Add a shared library (libfreeblpriv3) on Linux platforms that
    define FREEBL_LOWHASH.
  * Remove most code related to SSL v2, including the ability to actively
    send a SSLv2-compatible client hello. However, the server-side
    implementation of the SSL/TLS protocol still supports processing
    of received v2-compatible client hello messages.
  * Disable (by default) NSS support in optimized builds for logging SSL/TLS
    key material to a logfile if the SSLKEYLOGFILE environment variable
    is set. To enable the functionality in optimized builds, you must define
    the symbol NSS_ALLOW_SSLKEYLOGFILE when building NSS.
  * Update NSS to protect it against the Cachebleed attack.
  * Disable support for DTLS compression.
  * Improve support for TLS 1.3. This includes support for DTLS 1.3.
    Note that TLS 1.3 support is experimental and not suitable for
    production use.

- Update to NSS 3.23

New functionality:

* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
  * Experimental-only support TLS 1.3 1-RTT mode (draft-11).
    This code is not ready for production use.

Notable changes:

* The list of TLS extensions sent in the TLS handshake has been
    reordered to increase compatibility of the Extended Master Secret
    with with servers
  * The build time environment variable NSS_ENABLE_ZLIB has been
    renamed to NSS_SSL_ENABLE_ZLIB
  * The build time environment variable NSS_DISABLE_CHACHAPOLY was
    added, which can be used to prevent compilation of the
    ChaCha20/Poly1305 code.
  * The following CA certificates were Removed

- Staat der Nederlanden Root CA
    - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
    - NetLock Kozjegyzoi (Class A) Tanusitvanykiado
    - NetLock Uzleti (Class B) Tanusitvanykiado
    - NetLock Expressz (Class C) Tanusitvanykiado
    - VeriSign Class 1 Public PCA - G2
    - VeriSign Class 3 Public PCA
    - VeriSign Class 3 Public PCA - G2
    - CA Disig

* The following CA certificates were Added

+ SZAFIR ROOT CA2
    + Certum Trusted Network CA 2

* The following CA certificate had the Email trust bit turned on

+ Actalis Authentication Root CA

Security fixes:
  * CVE-2016-2834: Memory safety bugs (boo#983639)
    MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037

- Update to NSS 3.22.3
  * Increase compatibility of TLS extended master secret,
    don't send an empty TLS extension last in the handshake
    (bmo#1243641)
  * Fixed a heap-based buffer overflow related to the parsing of
    certain ASN.1 structures. An attacker could create a specially-crafted
    certificate which, when parsed by NSS, would cause a crash or
    execution of arbitrary code with the permissions of the user.
    (CVE-2016-1950, bmo#1245528)

- Update to NSS 3.22.2

New functionality:

* RSA-PSS signatures are now supported (bmo#1215295)
  * Pseudorandom functions based on hashes other than SHA-1 are now supported
  * Enforce an External Policy on NSS from a config file (bmo#1009429)

- CVE-2016-8635: Fix for DH small subgroup confinement attack (bsc#1015547)

Mozilla NSPR was updated to version 4.13.1:

The previously released version 4.13 had changed pipes to be
  nonblocking by default, and as a consequence, PollEvent was
  changed to not block on clear.
  The NSPR development team received reports that these changes
  caused regressions in some applications that use NSPR, and it
  has been decided to revert the changes made in NSPR 4.13.
  NSPR 4.13.1 restores the traditional behavior of pipes and
  PollEvent.

Mozilla NSPR update to version 4.13 had these changes:

- PL_strcmp (and others) were fixed to return consistent results
    when one of the arguments is NULL.
- PollEvent was fixed to not block on clear.
- Pipes are always nonblocking.
- PR_GetNameForIdentity: added thread safety lock and bound checks.
- Removed the PLArena freelist.
- Avoid some integer overflows.
- fixed several comments.

This update also contains java-1_8_0-openjdk that needed to be rebuilt against the new
mozilla-nss version.
</description>
  <summary>Security update for MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.4602

Places