NSS 3.36.6 has been released on November 30, fixing a security issue: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes Updated package uploaded for Mageia 6. Advisory: ======================== Updated nss packages fix security vulnerability: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes ======================== Updated packages in core/updates_testing: ======================== rootcerts-20181108.00-1.mga6 rootcerts-java-20181108.00-1.mga6 nss-3.36.6-1.mga6 nss-doc-3.36.6-1.mga6 libnss3-3.36.6-1.mga6 libnss-devel-3.36.6-1.mga6 libnss-static-devel-3.36.6-1.mga6 from SRPMS: rootcerts-20181108.00-1.mga6.src.rpm nss-3.36.6-1.mga6.src.rpm
Installed and tested without issues. Tested with firefox. Checked with strace to confirm libs were used. System: Mageia 6, x86_64, Firefox, Plasma, LXQt, Intel CPU, nVidia GPU using nvidia340 proprietary driver. $ uname -a Linux marte 4.14.78-desktop-1.mga6 #1 SMP Sun Oct 21 20:31:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q firefox firefox-60.3.0-1.mga6 $ strace -o tmp/strace.log /usr/bin/firefox <SNIP> $ egrep -o 'open\("[^"]*"' tmp/strace.log | egrep -o '".*"' | egrep -o '[^"]*' | sort -u > tmp/strace_files.log $ rpm -ql $(rpm -qa | egrep 'nss.*3.36|rootcert' | sort) > tmp/rpm_files.log $ for U in $(cat tmp/strace_files.log) ; do grep "$U" tmp/rpm_files.log ; done /usr/lib64/libfreeblpriv3.so /usr/lib64/libnss3.so /usr/lib64/libnssutil3.so /usr/lib64/libsmime3.so /usr/lib64/libsoftokn3.so /usr/lib64/libssl3.so
CC: (none) => mageia
Blocks: (none) => 23991
Blocks: (none) => 23706
on mga6-64 plasma packages installed cleanly: rootcerts-20181108.00-1.mga6.noarch rootcerts-java-20181108.00-1.mga6.noarch lib64nss3-3.36.6-1.mga6.x86_64 nss-3.36.6-1.mga6.x86_64 no regressions observed looks OK for mga6-64
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Installed cleanly, further tested by installation of Firefox update bug 23991 (which is dependent on this version of nss).
Whiteboard: (none) => MGA6-32-OKCC: (none) => herman.viaene
(In reply to Herman Viaene from comment #3) > MGA6-32 MATE on IBM Thinkpad R50e > No installation issues. > Installed cleanly, further tested by installation of Firefox update bug > 23991 (which is dependent on this version of nss). Did the same on a 64-bit Plasma install on a Probook 6550b, updating Firefox and Thunderbird at the same time. Used QA Repo for the task, being careful to add "64" to library names where appropriate when entering the package list. All packages installed cleanly. Looks good here on 64-bit. Validating. Advisory in Description.
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OKKeywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Advisoried from comment 0.
Keywords: (none) => advisoryCC: (none) => lewyssmith
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0482.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED