[USN-2672-1] NSS vulnerabilities
Several security issues were fixed in NSS.
Karthikeyan Bhargavan discovered that NSS incorrectly handled state
transitions for the TLS state machine. If a remote attacker were able to
perform a machine-in-the-middle attack, this flaw could be exploited to skip
the ServerKeyExchange message and remove the forward-secrecy property.
(CVE-2015-2721)
Watson Ladd discovered that NSS incorrectly handled Elliptical Curve
Cryptography (ECC) multiplication. A remote attacker could possibly use
this issue to spoof ECDSA signatures. (CVE-2015-2730)
As a security improvement, this update modifies NSS behaviour to reject DH
key sizes below 768 bits, preventing a possible downgrade attack.
This update also refreshes the NSS package to version 3.19.2 which includes
the latest CA certificate bundle.
| Package | Affected Version |
|---|---|
 pkg:deb/ubuntu/libnss3?distro=trusty
|
< 3.19.2-0ubuntu0.14.04.1 |
|
pkg:deb/ubuntu/libnss3-tools?distro=trusty
|
< 3.19.2-0ubuntu0.14.04.1 |
|
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty
|
< 3.19.2-0ubuntu0.14.04.1 |
|
pkg:deb/ubuntu/libnss3-dev?distro=trusty
|
< 3.19.2-0ubuntu0.14.04.1 |
|
pkg:deb/ubuntu/libnss3-1d?distro=trusty
|
< 3.19.2-0ubuntu0.14.04.1 |
- ID
- USN-2672-1
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-2672-1
- Published
-
2015-07-09T17:32:22
(9 years ago) - Modified
-
2015-07-09T17:32:22
(9 years ago) - Other Advisories
-
-
ALAS-2015-596
-
DSA-3300-1
-
DSA-3324-1
-
DSA-3336-1
-
ELSA-2015-1664
-
ELSA-2015-1699
-
FREEBSD:44D9DAEE-940C-4179-86BB-6E3FFD617869
-
GLSA-201512-10
-
GLSA-201605-06
-
GLSA-201701-46
-
RHSA-2015:1185
-
RHSA-2015:1699
-
SUSE-SU-2015:1268-1
-
SUSE-SU-2015:1268-2
-
SUSE-SU-2015:1269-1
-
SUSE-SU-2015:1449-1
-
USN-2656-1
-
USN-2656-2
-
USN-2673-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/libnss3?distro=trusty | ubuntu |
libnss3
|
< 3.19.2-0ubuntu0.14.04.1 | trusty | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=trusty | ubuntu |
libnss3-tools
|
< 3.19.2-0ubuntu0.14.04.1 | trusty | ||
| Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | ubuntu |
libnss3-nssdb
|
< 3.19.2-0ubuntu0.14.04.1 | trusty | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=trusty | ubuntu |
libnss3-dev
|
< 3.19.2-0ubuntu0.14.04.1 | trusty | ||
| Affected | pkg:deb/ubuntu/libnss3-1d?distro=trusty | ubuntu |
libnss3-1d
|
< 3.19.2-0ubuntu0.14.04.1 | trusty |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |