openSUSE Security Update : mozilla-nss (openSUSE-2017-504)
Medium Nessus Plugin ID 99618
SynopsisThe remote openSUSE host is missing a security update.
DescriptionMozilla-nss was updated to 3.28.4 to fix the following issues :
Security issues :
- CVE-2016-9574: Allow use of session tickets when there is no ticket wrapping key (boo#1015499, bmo#1320695)
Non security issues :
- A rare crash when initializing an SSL socket fails has been fixed (bmo#1342358)
- Rare crashes in the base 64 decoder and encoder were fixed (bmo#1344380)
- A carry over bug in the RNG was fixed (bmo#1345089)
- Fixed hash computation (boo#1030071, bmo#1348767)
This update also contains a rebuild of java-1_8_0-openjdk as the java security provider is very closely tied to the mozilla nss API.
SolutionUpdate the affected mozilla-nss packages.