As per upstream: Bug 1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. This was fixed in nss-3.55 Upstream bug: (currently private) https://bugzilla.mozilla.org/show_bug.cgi?id=1636771 Upstream patchset: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38 https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
Acknowledgments: Name: the Mozilla Project
External References: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
Created nss tracking bugs for this issue: Affects: fedora-all [bug 1868932]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4076 https://access.redhat.com/errata/RHSA-2020:4076
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12403
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0538 https://access.redhat.com/errata/RHSA-2021:0538
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2021:0758 https://access.redhat.com/errata/RHSA-2021:0758
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2021:0876 https://access.redhat.com/errata/RHSA-2021:0876
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2021:1026 https://access.redhat.com/errata/RHSA-2021:1026