Gentoo alert 202508-04 (Mozilla Network Security Service (NSS))
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202508-04 ] Mozilla Network Security Service (NSS): TLS RSA decryption timing attack | |
| Date: | Wed, 06 Aug 2025 11:46:38 -0000 | |
| Message-ID: | <175448079913.7.5070930100043093630@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202508-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Network Security Service (NSS): TLS RSA decryption timing attack Date: August 06, 2025 Bugs: #925027 ID: 202508-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in NSS, which can lead to the recovery of private data. Background ========== The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------ dev-libs/nss < 3.98 >= 3.98 Description =========== A vulnerability has been discovered in Mozilla Network Security Service (NSS). Please review the CVE identifier referenced below for details. Impact ====== Please review the referenced CVE identifier for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Network Security Service (NSS) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.98" References ========== [ 1 ] CVE-2023-5388 https://nvd.nist.gov/vuln/detail/CVE-2023-5388 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202508-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmiTQJ4ACgkQFMQkOaVy +9nO9g//cjF0+QE7KfqaqqmA+CIUZMC+le74NOsMe2p9qSc8uMStN/x1jYGYu7ed UdW2msMggcoDRavaKBM2DwdB+MqkJQN0jTA9xfQUJc2jWXKQKFD8rC8Bacl9s8sX C0pjGkSjUyngK7Rxk/8Q3C+Tk1D6fQA+hc9G0WMi75SHw1ntJ0JNseJntdpUvMcl r97bZFxKuNKYE4AqsMU0uVdprUGZg3YJ/ANAGhONkXF7oVsVebFLePFS6f8VLmY+ hNQYlmhLQqFF8lm0JWzgG1PRG7MeJu516el+Gmp6JvH1yl9fNsGHxrmc9QW/8cTN mpguMd0koIx42gyDfsHGU8o1PvDzGiSPA/I0gG2TKkBNTij11AAk+62sCSOpqiTs fNAEeXcbaDROgv2wTX5vj+kaaBPPODGBIO7dtLy3NPP6tYmrHytZappwZmeihvny c6iBxwVSxknIupG7+doZ3VBAoTEnJjcC81/Kho/Co8stpIG1ty6ciNU9lOcePlXd Wrg0fXLfxfjLMQSgTdplOl7GKJpHVZ8WJay++4AAz8tWh46xf5TVN0QycyV1wRDb /J/FUOZLdUaY0BIvjKdPsY3w0ml6bTk78ejHfpAFmk4y8dILLh8xWbndluvjVRq0 bCwehzbixQ6jpCHqIv7iAHdctNTRBxIbPdMhuSnxKo9GCkMbccc= =SoZ7 -----END PGP SIGNATURE-----