Oracle Linux 6261 Published by

A nss security and bug fix update has been released for Oracle Linux 8.



El-errata: ELSA-2021-0538 Moderate: Oracle Linux 8 nss security and bug fix update


Oracle Linux Security Advisory ELSA-2021-0538

  http://linux.oracle.com/errata/ELSA-2021-0538.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nss-3.53.1-17.el8_3.i686.rpm
nss-3.53.1-17.el8_3.x86_64.rpm
nss-devel-3.53.1-17.el8_3.i686.rpm
nss-devel-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-3.53.1-17.el8_3.i686.rpm
nss-softokn-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-devel-3.53.1-17.el8_3.i686.rpm
nss-softokn-devel-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-freebl-3.53.1-17.el8_3.i686.rpm
nss-softokn-freebl-3.53.1-17.el8_3.x86_64.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.i686.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.x86_64.rpm
nss-sysinit-3.53.1-17.el8_3.x86_64.rpm
nss-tools-3.53.1-17.el8_3.x86_64.rpm
nss-util-3.53.1-17.el8_3.i686.rpm
nss-util-3.53.1-17.el8_3.x86_64.rpm
nss-util-devel-3.53.1-17.el8_3.i686.rpm
nss-util-devel-3.53.1-17.el8_3.x86_64.rpm

aarch64:
nss-3.53.1-17.el8_3.aarch64.rpm
nss-devel-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-devel-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-freebl-3.53.1-17.el8_3.aarch64.rpm
nss-softokn-freebl-devel-3.53.1-17.el8_3.aarch64.rpm
nss-sysinit-3.53.1-17.el8_3.aarch64.rpm
nss-tools-3.53.1-17.el8_3.aarch64.rpm
nss-util-3.53.1-17.el8_3.aarch64.rpm
nss-util-devel-3.53.1-17.el8_3.aarch64.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/nss-3.53.1-17.el8_3.src.rpm


Description of changes:

[3.53.1-17]
- Fix various corner cases with ike v1 app b support.

[3.53.1-16]
- Fix the following CVE
- CVE-2020-12403 chacha-poly issues
- CVE-2020-12400 constant time ECC.
- CVE-2020-6829 constant time ECC.

[3.53.1-15]
- Revert some policy changes the generate ABI runtime issues.

[3.53.1-14]
- Add support for enable/disable in policy. Now if your policy
file has disallow=x enable=y it will act just like our other
libraries.

[3.53.1-13]
- Add OAEP interface so applications can wrap keys with RSA-OAEP
rather than RSA-PKCS-1.

[3.53.1-12]
- fips need to reject small primes even if they are approved
- code to autodetect whether or not to use the cache needs to do so
in a way that doesn't mess with filesystem negative file caching.
- add kdf selftests