[Bug 1885562] Re: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode
Launchpad Bug Tracker
1885562 at bugs.launchpad.net
Mon Aug 10 17:51:47 UTC 2020
This bug was fixed in the package nss - 2:3.35-2ubuntu2.11
---------------
nss (2:3.35-2ubuntu2.11) bionic-security; urgency=medium
* SECURITY UPDATE: Side-channel attack
- debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
- CVE-2020-12400
- CVE-2020-6829
* SECURITY UPDATE: Timing attack mitigation bypass
- debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
padding in nss/lib/freebl/ec.c.
- CVE-2020-12401
-- leo.barbosa at canonical.com (Leonidas S. Barbosa) Wed, 05 Aug 2020
15:58:41 -0300
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1885562
Title:
[fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1885562/+subscriptions
More information about the Ubuntu-mozillateam-bugs
mailing list