[USN-2672-1] NSS vulnerabilities
Several security issues were fixed in NSS.
Karthikeyan Bhargavan discovered that NSS incorrectly handled state
transitions for the TLS state machine. If a remote attacker were able to
perform a machine-in-the-middle attack, this flaw could be exploited to skip
the ServerKeyExchange message and remove the forward-secrecy property.
(CVE-2015-2721)
Watson Ladd discovered that NSS incorrectly handled Elliptical Curve
Cryptography (ECC) multiplication. A remote attacker could possibly use
this issue to spoof ECDSA signatures. (CVE-2015-2730)
As a security improvement, this update modifies NSS behaviour to reject DH
key sizes below 768 bits, preventing a possible downgrade attack.
This update also refreshes the NSS package to version 3.19.2 which includes
the latest CA certificate bundle.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=trusty | < 3.19.2-0ubuntu0.14.04.1 |
pkg:deb/ubuntu/libnss3-tools?distro=trusty | < 3.19.2-0ubuntu0.14.04.1 |
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | < 3.19.2-0ubuntu0.14.04.1 |
pkg:deb/ubuntu/libnss3-dev?distro=trusty | < 3.19.2-0ubuntu0.14.04.1 |
pkg:deb/ubuntu/libnss3-1d?distro=trusty | < 3.19.2-0ubuntu0.14.04.1 |
- ID
- USN-2672-1
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-2672-1
- Published
-
2015-07-09T17:32:22
(9 years ago) - Modified
-
2015-07-09T17:32:22
(9 years ago) - Other Advisories
-
- ALAS-2015-596
- DSA-3300-1
- DSA-3324-1
- DSA-3336-1
- ELSA-2015-1664
- ELSA-2015-1699
- FREEBSD:44D9DAEE-940C-4179-86BB-6E3FFD617869
- GLSA-201512-10
- GLSA-201605-06
- GLSA-201701-46
- RHSA-2015:1185
- RHSA-2015:1699
- SUSE-SU-2015:1268-1
- SUSE-SU-2015:1268-2
- SUSE-SU-2015:1269-1
- SUSE-SU-2015:1449-1
- USN-2656-1
- USN-2656-2
- USN-2673-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=trusty | ubuntu | libnss3 | < 3.19.2-0ubuntu0.14.04.1 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=trusty | ubuntu | libnss3-tools | < 3.19.2-0ubuntu0.14.04.1 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | ubuntu | libnss3-nssdb | < 3.19.2-0ubuntu0.14.04.1 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=trusty | ubuntu | libnss3-dev | < 3.19.2-0ubuntu0.14.04.1 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=trusty | ubuntu | libnss3-1d | < 3.19.2-0ubuntu0.14.04.1 | trusty |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |