Security update for mozilla-nss
This update for mozilla-nss to version 3.36.6 fixes the following issues:
Security issues fixed:
- CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a
ServerHello that had an all-zero random (bmo#1483128, boo#1106873)
- CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack
(bmo#1485864, boo#1119069)
-
Submitted by
Wolfgang Rosenauer (wrosenauer)
Fixed bugs
bnc#1119069
VUL-0: CVE-2018-12404: mozilla-nss: nss: Cache side-channel variant of the Bleichenbacher attack
bnc#1106873
VUL-0: CVE-2018-12384: mozilla-nss: ServerHello.random is all zero when handling a v2-compatible ClientHello
