An issue was found in nss before version 3.36.6. The TLS implementation exposes padding oracle in each of the three stages of handling PKCS #1 v1.5 padding References: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.6_release_notes http://cat.eyalro.net/
This issue was also resolved via nss-3.40 as per: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40.1_release_notes
Created nss tracking bugs for this issue: Affects: fedora-all [bug 1664539]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2237 https://access.redhat.com/errata/RHSA-2019:2237
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-12404