[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

Launchpad Bug Tracker 1885562 at bugs.launchpad.net
Mon Aug 10 17:51:46 UTC 2020

This bug was fixed in the package nss - 2:3.49.1-1ubuntu1.4

nss (2:3.49.1-1ubuntu1.4) focal-security; urgency=medium

  * SECURITY UPDATE: Side-channel attack
    - debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
      P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
      nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
      nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
    - CVE-2020-12400
    - CVE-2020-6829
  * SECURITY UPDATE: Timing attack mitigation bypass
    - debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
      padding in nss/lib/freebl/ec.c.
    - CVE-2020-12401

 -- leo.barbosa at canonical.com (Leonidas S. Barbosa)  Wed, 05 Aug 2020
15:28:48 -0300

** Changed in: nss (Ubuntu Focal)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12400

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12401

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-6829

** Changed in: nss (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to nss in Ubuntu.

  [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

To manage notifications about this bug go to:

More information about the Ubuntu-mozillateam-bugs mailing list