Synopsis: Moderate: nss, nss-softokn, nss-util, and nspr security, bug Advisory ID: SLSA-2019:2237-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2018-0495 CVE-2018-12404 -- Netscape Portable Runtime (NSPR) provides platform independence for non- GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). Security Fix(es): * ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) -- SL7 x86_64 nss-softokn-3.44.0-5.el7.x86_64.rpm nss-devel-3.44.0-4.el7.i686.rpm nss-softokn-freebl-3.44.0-5.el7.i686.rpm nspr-devel-4.21.0-1.el7.i686.rpm nss-devel-3.44.0-4.el7.x86_64.rpm nss-tools-3.44.0-4.el7.x86_64.rpm nss-softokn-devel-3.44.0-5.el7.i686.rpm nss-sysinit-3.44.0-4.el7.x86_64.rpm nss-util-devel-3.44.0-3.el7.x86_64.rpm nspr-4.21.0-1.el7.x86_64.rpm nspr-devel-4.21.0-1.el7.x86_64.rpm nss-util-3.44.0-3.el7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-5.el7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-5.el7.i686.rpm nss-softokn-3.44.0-5.el7.i686.rpm nss-util-devel-3.44.0-3.el7.i686.rpm nss-softokn-devel-3.44.0-5.el7.x86_64.rpm nss-3.44.0-4.el7.i686.rpm nspr-4.21.0-1.el7.i686.rpm nss-3.44.0-4.el7.x86_64.rpm nss-util-3.44.0-3.el7.i686.rpm nss-softokn-freebl-3.44.0-5.el7.x86_64.rpm nss-pkcs11-devel-3.44.0-4.el7.i686.rpm nss-pkcs11-devel-3.44.0-4.el7.x86_64.rpm nspr-debuginfo-4.21.0-1.el7.i686.rpm nspr-debuginfo-4.21.0-1.el7.x86_64.rpm nss-debuginfo-3.44.0-4.el7.i686.rpm nss-debuginfo-3.44.0-4.el7.x86_64.rpm nss-softokn-debuginfo-3.44.0-5.el7.i686.rpm nss-softokn-debuginfo-3.44.0-5.el7.x86_64.rpm nss-util-debuginfo-3.44.0-3.el7.i686.rpm nss-util-debuginfo-3.44.0-3.el7.x86_64.rpm - Scientific Linux Development Team