El-errata: ELSA-2020-4076 Moderate: Oracle Linux 7 nss and nspr security, bug fix, and enhancement update
Oracle Linux Security Advisory ELSA-2020-4076
http://linux.oracle.com/errata/ELSA-2020-4076.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
nspr-4.25.0-2.el7_9.i686.rpm
nspr-4.25.0-2.el7_9.x86_64.rpm
nspr-devel-4.25.0-2.el7_9.i686.rpm
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
nss-3.53.1-3.el7_9.i686.rpm
nss-3.53.1-3.el7_9.x86_64.rpm
nss-devel-3.53.1-3.el7_9.i686.rpm
nss-devel-3.53.1-3.el7_9.x86_64.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm
nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm
nss-softokn-3.53.1-6.0.1.el7_9.i686.rpm
nss-softokn-3.53.1-6.0.1.el7_9.x86_64.rpm
nss-softokn-devel-3.53.1-6.0.1.el7_9.i686.rpm
nss-softokn-devel-3.53.1-6.0.1.el7_9.x86_64.rpm
nss-softokn-freebl-3.53.1-6.0.1.el7_9.i686.rpm
nss-softokn-freebl-3.53.1-6.0.1.el7_9.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-6.0.1.el7_9.i686.rpm
nss-softokn-freebl-devel-3.53.1-6.0.1.el7_9.x86_64.rpm
nss-sysinit-3.53.1-3.el7_9.x86_64.rpm
nss-tools-3.53.1-3.el7_9.x86_64.rpm
nss-util-3.53.1-1.el7_9.i686.rpm
nss-util-3.53.1-1.el7_9.x86_64.rpm
nss-util-devel-3.53.1-1.el7_9.i686.rpm
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/nspr-4.25.0-2.el7_9.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-3.53.1-3.el7_9.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-softokn-3.53.1-6.0.1.el7_9.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/nss-util-3.53.1-1.el7_9.src.rpm
Description of changes:
nspr
[4.25.0-2]
- Rebuild to fix wrong dist tag
[4.25.0-1]
- Rebase to NSPR 4.25
nss
[3.53.1-3]
- Disable dh timing test because it's unreliable on s390 (from Bob Relyea)
- Explicitly enable upgradedb/sharedb test cycles
[3.53.1-2]
- Disable TLS 1.3 by default
[3.53.1-1]
- Rebase to NSS 3.53.1
[3.44.0-8]
- Increase timeout on ssl_gtest so that slow platforms can complete when
running on a busy system.
nss-softokn
[3.53.1-6.0.1]
- Add fips140-2 DSA Known Answer Test fix [Orabug: 26679337]
- Add fips140-2 ECDSA/RSA/DSA Pairwise Consistency Test fix [Orabug:
26617814],
[Orabug: 26617879], [Orabug: 26617849]
[3.53.1-6]
- turn of ALTIVEC instruction for powerpc because they require
power8 and we need to support power7 on RHEL7 still.
- Fix typo in measure.
- Make sure only 2048 and greater primes are used in FIPS mode
for dh.
[3.53.1-5]
- Fix the patch application in the previous change
[3.53.1-4]
- Fix glibc regression in the rebase; run RNG self-tests only if NSPR is
linked
[3.53.1-3]
- include patches for CVE-2020-6829, CVE-2020-12400,
and CVE-2020-12401 from upstream (ECC constant time issues).
- include patches for CVE-2020-12403 from upstream
(CHACHA issues).
- include self-tests for kdfs and cmac.
[3.53.1-2]
- Install cmac.h required by blapi.h (#1764513)
[3.53.1-1]
- Rebase to NSS 3.53.1
nss-util
[3.53.1-1]
- Rebase to NSS 3.53.1
A nss and nspr security, bug fix, and enhancement update has been released for Oracle Linux 7.