BELL-CVE-2020-12401 CVE-2020-12401 does not affect BellSoft software

Bulletin has no description...

Debian dla-3327 : libnss3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3327 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3327-1 [email protected]...

K61267093: Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402

Security Advisory Description CVE-2020-6829 When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the...

Debian: Security Advisory (DLA-3327-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3327-1] nss security update

Debian LTS Advisory DLA-3327-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 20, 2023 https://wiki.debian.org/LTS Package : nss Version : 2:3.42.1-1+deb10u6 CVE ID : CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 CVE-2023-0767 Multiple...

Mageia: Security Advisory (MGASA-2020-0318)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox Security Advisory (MFSA2020-36) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Advisory ROSA-SA-2021-1835

Software: firefox 78.5.0 OS: Cobalt 7.9 CVE-ID: CVE-2020-12400 CVE-Crit: MEDIUM CVE-DESC: When converting coordinates from projective to affine, modular inversion was not performed in constant time, leading to a possible time-based side-channel attack. This vulnerability affects Firefox 80 and...

CentOS: Security Advisory for nss (CESA-2020:4076)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1744)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1249)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1268)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in...

EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1249)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in...

Huawei EulerOS: Security Advisory for nss-softokn (EulerOS-SA-2021-1155)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : nss and nspr on SL7.x x86_64 (20201001)

Security Fixes : - nss: Out-of-bounds read when importing curve25519 private key CVE-2019-11719 - nss: Use-after-free in sftkFreeSession due to improper refcounting CVE-2019-11756 - nss: Check length of inputs for cryptographic primitives CVE-2019-17006 - nss: Side channel attack on ECDSA signatu...

CVE-2020-12401

CVE-2020-12401: In ECDSA signature generation, padding used to ensure constant-time scalar multiplication was removed, causing variable-time execution based on secret data. Affected: Firefox < 80 and Firefox for Android

nss and nspr security, bug fix, and enhancement update

nspr 4.25.0-2 - Rebuild to fix wrong dist tag 4.25.0-1 - Rebase to NSPR 4.25 nss 3.53.1-3 - Disable dh timing test because it's unreliable on s390 from Bob Relyea - Explicitly enable upgradedb/sharedb test cycles 3.53.1-2 - Disable TLS 1.3 by default 3.53.1-1 - Rebase to NSS 3.53.1 3.44.0-8 -...

Debian DLA-2388-1 : nss security update

Various vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2018-12404 Cache side-channel variant of the Bleichenbacher attack. CVE-2018-18508 NULL pointer dereference in several CMS functions resulting in a denial of service. CVE-2019-11719 Out-of-bounds read when...

Debian: Security Advisory (DLA-2388-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...