ALAS-2024-523

Amazon Linux 2023 Security Advisory: ALAS-2024-523
Advisory Release Date: 2024-02-15 02:51 Pacific
Advisory Updated Date: 2024-02-19 20:27 Pacific
Severity: Medium
Issue Overview:

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121. (CVE-2023-6135)


Affected Packages:

nss


Issue Correction:
Run dnf update nss --releasever 2023.3.20240219 to update your system.

New Packages:
aarch64:
    nss-util-3.90.0-6.amzn2023.0.1.aarch64
    nss-softokn-freebl-debuginfo-3.90.0-6.amzn2023.0.1.aarch64
    nss-devel-3.90.0-6.amzn2023.0.1.aarch64
    nss-tools-debuginfo-3.90.0-6.amzn2023.0.1.aarch64
    nspr-4.35.0-6.amzn2023.0.1.aarch64
    nspr-debuginfo-4.35.0-6.amzn2023.0.1.aarch64
    nss-softokn-freebl-3.90.0-6.amzn2023.0.1.aarch64
    nss-debuginfo-3.90.0-6.amzn2023.0.1.aarch64
    nss-softokn-freebl-devel-3.90.0-6.amzn2023.0.1.aarch64
    nss-softokn-3.90.0-6.amzn2023.0.1.aarch64
    nss-sysinit-3.90.0-6.amzn2023.0.1.aarch64
    nss-softokn-devel-3.90.0-6.amzn2023.0.1.aarch64
    nss-sysinit-debuginfo-3.90.0-6.amzn2023.0.1.aarch64
    nspr-devel-4.35.0-6.amzn2023.0.1.aarch64
    nss-debugsource-3.90.0-6.amzn2023.0.1.aarch64
    nss-pkcs11-devel-3.90.0-6.amzn2023.0.1.aarch64
    nss-util-devel-3.90.0-6.amzn2023.0.1.aarch64
    nss-util-debuginfo-3.90.0-6.amzn2023.0.1.aarch64
    nss-softokn-debuginfo-3.90.0-6.amzn2023.0.1.aarch64
    nss-3.90.0-6.amzn2023.0.1.aarch64
    nss-tools-3.90.0-6.amzn2023.0.1.aarch64

src:
    nss-3.90.0-6.amzn2023.0.1.src

x86_64:
    nss-softokn-debuginfo-3.90.0-6.amzn2023.0.1.x86_64
    nss-debuginfo-3.90.0-6.amzn2023.0.1.x86_64
    nspr-4.35.0-6.amzn2023.0.1.x86_64
    nss-util-devel-3.90.0-6.amzn2023.0.1.x86_64
    nss-softokn-freebl-debuginfo-3.90.0-6.amzn2023.0.1.x86_64
    nss-sysinit-3.90.0-6.amzn2023.0.1.x86_64
    nss-util-debuginfo-3.90.0-6.amzn2023.0.1.x86_64
    nss-tools-debuginfo-3.90.0-6.amzn2023.0.1.x86_64
    nss-softokn-devel-3.90.0-6.amzn2023.0.1.x86_64
    nspr-debuginfo-4.35.0-6.amzn2023.0.1.x86_64
    nss-util-3.90.0-6.amzn2023.0.1.x86_64
    nss-debugsource-3.90.0-6.amzn2023.0.1.x86_64
    nss-devel-3.90.0-6.amzn2023.0.1.x86_64
    nss-softokn-3.90.0-6.amzn2023.0.1.x86_64
    nss-softokn-freebl-devel-3.90.0-6.amzn2023.0.1.x86_64
    nss-sysinit-debuginfo-3.90.0-6.amzn2023.0.1.x86_64
    nss-softokn-freebl-3.90.0-6.amzn2023.0.1.x86_64
    nss-pkcs11-devel-3.90.0-6.amzn2023.0.1.x86_64
    nspr-devel-4.35.0-6.amzn2023.0.1.x86_64
    nss-3.90.0-6.amzn2023.0.1.x86_64
    nss-tools-3.90.0-6.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2023-6135

Mitre: CVE-2023-6135