SUSE-SU-2023:0118-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2022-23491 CVE-2022-3479

Published: 20 Jan 2023, 09:27

Last modified:02 May 2025, 04:32

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

20 Jan 2023, 09:27

Published

Vulnerability first disclosed

02 May 2025, 04:32

Last Modified

Vulnerability information updated

Description

Security update for mozilla-nss This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.

Affected Systems

suse•mozilla-nss&distro=SUSE Linux Enterprise Server 12 SP2-BCL
< 3.79.3-58.91.1
suse•mozilla-nss&distro=SUSE Linux Enterprise Server 12 SP4-LTSS
< 3.79.3-58.91.1
suse•mozilla-nss&distro=SUSE Linux Enterprise Server 12 SP5
< 3.79.3-58.91.1
suse•mozilla-nss&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
< 3.79.3-58.91.1
suse•mozilla-nss&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
< 3.79.3-58.91.1
suse•mozilla-nss&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
< 3.79.3-58.91.1
suse•mozilla-nss&distro=SUSE OpenStack Cloud 9
< 3.79.3-58.91.1
suse•mozilla-nss&distro=SUSE OpenStack Cloud Crowbar 9
< 3.79.3-58.91.1

SUSE-SU-2023:0118-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)