SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:2533-2
Rating:             important
References:         #1192079 #1192080 #1192086 #1192087 #1192228 
                    #1198486 #1200027 
Cross-References:   CVE-2022-31741
CVSS scores:
                    CVE-2022-31741 (SUSE): 7.5
 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that solves one vulnerability and has 6 fixes is
   now available.

Description:

   This update for mozilla-nss fixes the following issues:

   Various FIPS 140-3 related fixes were backported from SUSE Linux
   Enterprise 15 SP4:

   - Makes the PBKDF known answer test compliant with NIST SP800-132.
     (bsc#1192079).
   - FIPS: Add on-demand integrity tests through
     sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
   - FIPS: mark algorithms as approved/non-approved according to security
     policy (bsc#1191546, bsc#1201298).
   - FIPS: remove hard disabling of unapproved algorithms. This requirement
     is now fulfilled by the service level indicator (bsc#1200325).
   - Run test suite at build time, and make it pass (bsc#1198486).
   - FIPS: skip algorithms that are hard disabled in FIPS mode.
   - Prevent expired PayPalEE cert from failing the tests.
   - Allow checksumming to be disabled, but only if we entered FIPS mode due
     to NSS_FIPS being set, not if it came from /proc.
   - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
   - Update FIPS validation string to version-release format.
   - FIPS: remove XCBC MAC from list of FIPS approved algorithms.
   - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
   - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
   - FIPS: allow testing of unapproved algorithms (bsc#1192228).
   - FIPS: add version indicators. (bmo#1729550, bsc#1192086).
   - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

   Version update to NSS 3.79:

   - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
   - Update mercurial in clang-format docker image.
   - Use of uninitialized pointer in lg_init after alloc fail.
   - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
   - Add SECMOD_LockedModuleHasRemovableSlots.
   - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
   - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat
     extension alerts.
   - TLS 1.3 Server: Send protocol_version alert on unsupported
     ClientHello.legacy_version.
   - Correct invalid record inner and outer content type alerts.
   - NSS does not properly import or export pkcs12 files with large passwords
     and pkcs5v2 encoding.
   - improve error handling after nssCKFWInstance_CreateObjectHandle.
   - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
   - NSS 3.79 should depend on NSPR 4.34

   Version update to NSS 3.78.1:

   - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple

   Version update to NSS 3.78:

   - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length
     record/fragment handling tests.
   - Reworked overlong record size checks and added TLS1.3 specific
     boundaries.
   - Add ECH Grease Support to tstclnt
   - Add a strict variant of moz::pkix::CheckCertHostname.
   - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
   - Make SEC_PKCS12EnableCipher succeed
   - Update zlib in NSS to 1.2.12.

   Version update to NSS 3.77:

   - Fix link to TLS page on wireshark wiki
   - Add two D-TRUST 2020 root certificates.
   - Add Telia Root CA v2 root certificate.
   - Remove expired explicitly distrusted certificates from certdata.txt.
   - support specific RSA-PSS parameters in mozilla::pkix
   - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
   - Remove token member from NSSSlot struct.
   - Provide secure variants of mpp_pprime and mpp_make_prime.
   - Support UTF-8 library path in the module spec string.
   - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
   - Update googletest to 1.11.0
   - Add SetTls13GreaseEchSize to experimental API.
   - TLS 1.3 Illegal legacy_version handling/alerts.
   - Fix calculation of ECH HRR Transcript.
   - Allow ld path to be set as environment variable.
   - Ensure we don't read uninitialized memory in ssl gtests.
   - Fix DataBuffer Move Assignment.
   - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
   - rework signature verification in mozilla::pkix

   Version update to NSS 3.76.1

   - Remove token member from NSSSlot struct.
   - Hold tokensLock through nssToken_GetSlot calls in
     nssTrustDomain_GetActiveSlots.
   - Check return value of PK11Slot_GetNSSToken.
   - Use Wycheproof JSON for RSASSA-PSS
   - Add SHA256 fingerprint comments to old certdata.txt entries.
   - Avoid truncating files in nss-release-helper.py.
   - Throw illegal_parameter alert for illegal extensions in handshake
     message.

   Version update to NSS 3.75

   - Make DottedOIDToCode.py compatible with python3.
   - Avoid undefined shift in SSL_CERT_IS while fuzzing.
   - Remove redundant key type check.
   - Update ABI expectations to match ECH changes.
   - Enable CKM_CHACHA20.
   - check return on NSS_NoDB_Init and NSS_Shutdown.
   - Run ECDSA test vectors from bltest as part of the CI tests.
   - Add ECDSA test vectors to the bltest command line tool.
   - Allow to build using clang's integrated assembler.
   - Allow to override python for the build.
   - test HKDF output rather than input.
   - Use ASSERT macros to end failed tests early.
   - move assignment operator for DataBuffer.
   - Add test cases for ECH compression and unexpected extensions in SH.
   - Update tests for ECH-13.
   - Tidy up error handling.
   - Add tests for ECH HRR Changes.
   - Server only sends GREASE HRR extension if enabled by preference.
   - Update generation of the Associated Data for ECH-13.
   - When ECH is accepted, reject extensions which were only advertised in
     the Outer Client Hello.
   - Allow for compressed, non-contiguous, extensions.
   - Scramble the PSK extension in CHOuter.
   - Split custom extension handling for ECH.
   - Add ECH-13 HRR Handling.
   - Client side ECH padding.
   - Stricter ClientHelloInner Decompression.
   - Remove ECH_inner extension, use new enum format.
   - Update the version number for ECH-13 and adjust the ECHConfig size.

   Version update to NSS 3.74

   - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
   - Ensure clients offer consistent ciphersuites after HRR
   - NSS does not properly restrict server keys based on policy
   - Set nssckbi version number to 2.54
   - Replace Google Trust Services LLC (GTS) R4 root certificate
   - Replace Google Trust Services LLC (GTS) R3 root certificate
   - Replace Google Trust Services LLC (GTS) R2 root certificate
   - Replace Google Trust Services LLC (GTS) R1 root certificate
   - Replace GlobalSign ECC Root CA R4
   - Remove Expired Root Certificates - DST Root CA X3
   - Remove Expiring Cybertrust Global Root and GlobalSign root certificates
   - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068
     root certificate
   - Add iTrusChina ECC root certificate
   - Add iTrusChina RSA root certificate
   - Add ISRG Root X2 root certificate
   - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
   - Avoid a clang 13 unused variable warning in opt build
   - Check for missing signedData field
   - Ensure DER encoded signatures are within size limits

   - enable key logging option (boo#1195040)

   Version update to NSS 3.73.1:

   - Add SHA-2 support to mozilla::pkix's OSCP implementation

   Version update to NSS 3.73

   - check for missing signedData field.
   - Ensure DER encoded signatures are within size limits.
   - NSS needs FiPS 140-3 version indicators.
   - pkix_CacheCert_Lookup doesn't return cached certs
   - sunset Coverity from NSS

   Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via
   DER-encoded DSA and RSA-PSS signatures

   Version update to NSS 3.72

   - Fix nsinstall parallel failure.
   - Increase KDF cache size to mitigate perf regression in about:logins

   Version update to NSS 3.71

   - Set nssckbi version number to 2.52.
   - Respect server requirements of
     tlsfuzzer/test-tls13-signature-algorithms.py
   - Import of PKCS#12 files with Camellia encryption is not supported
   - Add HARICA Client ECC Root CA 2021.
   - Add HARICA Client RSA Root CA 2021.
   - Add HARICA TLS ECC Root CA 2021.
   - Add HARICA TLS RSA Root CA 2021.
   - Add TunTrust Root CA certificate to NSS.

   Version update to NSS 3.70

   - Update test case to verify fix.
   - Explicitly disable downgrade check in
     TlsConnectStreamTls13.EchOuterWith12Max
   - Explicitly disable downgrade check in
     TlsConnectTest.DisableFalseStartOnFallback
   - Avoid using a lookup table in nssb64d.
   - Use HW accelerated SHA2 on AArch64 Big Endian.
   - Change default value of enableHelloDowngradeCheck to true.
   - Cache additional PBE entries.
   - Read HPKE vectors from official JSON.

   Version update to NSS 3.69.1:

   - Disable DTLS 1.0 and 1.1 by default
   - integrity checks in key4.db not happening on private components with
     AES_CBC

   NSS 3.69:

   - Disable DTLS 1.0 and 1.1 by default (backed out again)
   - integrity checks in key4.db not happening on private components with
     AES_CBC (backed out again)
   - SSL handling of signature algorithms ignores environmental invalid
     algorithms.
   - sqlite 3.34 changed it's open semantics, causing nss failures.
   - Gtest update changed the gtest reports, losing gtest details in all.sh
     reports.
   - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
   - SQLite calls could timeout in starvation situations.
   - Coverity/cpp scanner errors found in nss 3.67
   - Import the NSS documentation from MDN in nss/doc.
   - NSS using a tempdir to measure sql performance not active

   Version Update to 3.68.4 (bsc#1200027)

   - CVE-2022-31741: Initialize pointers passed to
     NSS_CMSDigestContext_FinishMultiple.  (bmo#1767590)


   Mozilla NSPR was updated to version 4.34:

   * add an API that returns a preferred loopback IP on hosts that have two
     IP stacks available.


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
 methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2533=1



Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):

      libfreebl3-3.79-150000.3.74.1
      libfreebl3-debuginfo-3.79-150000.3.74.1
      libfreebl3-hmac-3.79-150000.3.74.1
      libsoftokn3-3.79-150000.3.74.1
      libsoftokn3-debuginfo-3.79-150000.3.74.1
      libsoftokn3-hmac-3.79-150000.3.74.1
      mozilla-nspr-4.34-150000.3.23.1
      mozilla-nspr-debuginfo-4.34-150000.3.23.1
      mozilla-nspr-debugsource-4.34-150000.3.23.1
      mozilla-nss-3.79-150000.3.74.1
      mozilla-nss-certs-3.79-150000.3.74.1
      mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
      mozilla-nss-debuginfo-3.79-150000.3.74.1
      mozilla-nss-debugsource-3.79-150000.3.74.1
      mozilla-nss-tools-3.79-150000.3.74.1
      mozilla-nss-tools-debuginfo-3.79-150000.3.74.1


References:

   https://www.suse.com/security/cve/CVE-2022-31741.html
   https://bugzilla.suse.com/1192079
   https://bugzilla.suse.com/1192080
   https://bugzilla.suse.com/1192086
   https://bugzilla.suse.com/1192087
   https://bugzilla.suse.com/1192228
   https://bugzilla.suse.com/1198486
   https://bugzilla.suse.com/1200027