diff -Nru nss-3.42/debian/changelog nss-3.42/debian/changelog --- nss-3.42/debian/changelog 2019-02-19 11:04:49.000000000 +0000 +++ nss-3.42/debian/changelog 2019-07-24 13:19:43.000000000 +0000 @@ -1,3 +1,10 @@ +nss (2:3.42-1ubuntu2+disco.2) disco; urgency=medium + + * Disable reading fips_enabled flag on a FIPS enabled system. libnss + is not a FIPS certified library. Bug #1837734 + + -- Vineetha Kamath Wed, 24 Jul 2019 13:19:43 +0000 + nss (2:3.42-1ubuntu2) disco; urgency=medium * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions diff -Nru nss-3.42/debian/patches/disable_fips_enabled_read.patch nss-3.42/debian/patches/disable_fips_enabled_read.patch --- nss-3.42/debian/patches/disable_fips_enabled_read.patch 1970-01-01 00:00:00.000000000 +0000 +++ nss-3.42/debian/patches/disable_fips_enabled_read.patch 2019-07-24 13:19:31.000000000 +0000 
@@ -0,0 +1,49 @@
+commit 5a418685c2fb7d8f2b18a977e20b77da0678f042
+Author: Vineetha Kamath
+Date: Wed Jul 24 12:49:40 2019 +0000
+
+From: Vineetha Kamath
+Decription: Disable libgcrypt reading /proc/sys/crypto/fips_enabled
+file and going into FIPS mode. libnss is not a FIPS
+certified library.
+Bug-Ubuntu: http://bugs.launchpad.net/bugs/1837734
+Forwarded: not-needed
+
+diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c
+index 22f9781..8433377 100644
+--- a/nss/lib/freebl/nsslowhash.c
++++ b/nss/lib/freebl/nsslowhash.c
+@@ -27,11 +27,13 @@ static int
+ nsslow_GetFIPSEnabled(void)
+ {
+ #ifdef LINUX
+- FILE *f;
++ FILE *f = NULL;
+ char d;
+ size_t size;
+
++#if 0
+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
++#endif
+ if (!f)
+ return 0;
+
+diff --git a/nss/lib/sysinit/nsssysinit.c b/nss/lib/sysinit/nsssysinit.c
+index 2572141..88912d9 100644
+--- a/nss/lib/sysinit/nsssysinit.c
++++ b/nss/lib/sysinit/nsssysinit.c
+@@ -208,11 +208,13 @@ getFIPSEnv(void)
+ static PRBool
+ getFIPSMode(void)
+ {
+- FILE *f;
++ FILE *f = NULL;
+ char d;
+ size_t size;
+
++#if 0
+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
++#endif
+ if (!f) {
+ /* if we don't have a proc flag, fall back to the
+ * environment variable */
diff -Nru nss-3.42/debian/patches/series nss-3.42/debian/patches/series
--- nss-3.42/debian/patches/series 2019-02-19 11:01:02.000000000 +0000
+++ nss-3.42/debian/patches/series 2019-07-24 13:19:31.000000000 +0000
@@ -4,3 +4,4 @@
 38_hppa.patch
 CVE-2018-18508-1.patch
 CVE-2018-18508-2.patch
+disable_fips_enabled_read.patch
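Review bot: Guarding only the fopen() with `#if 0` while keeping `FILE *f = NULL;` leaves everything after the `if (!f)` test in both nsslow_GetFIPSEnabled and getFIPSMode as unreachable code that still compiles, and nothing in the source says the omission is deliberate. A clearer form is to drop the `#if 0`/`#endif` pair and replace the fopen line with a comment such as `/* Ubuntu: deliberately not consulting /proc/sys/crypto/fips_enabled; libnss is not a FIPS-certified library (LP: #1837734) */`, leaving `f` NULL so getFIPSMode still takes the environment-variable fallback its existing comment describes. The nsslowhash hunk shows no such fallback, so nsslow_GetFIPSEnabled now appears to report FIPS disabled unconditionally; both function bodies continue outside the hunk, so confirm that is the intended behaviour for every caller. The DEP-3 header is also misspelled (`Decription:` where the parser expects `Description:`) and names libgcrypt although the patch modifies NSS.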