[USN-3163-1] NSS vulnerabilities

Several security issues were fixed in NSS.

It was discovered that NSS incorrectly handled certain invalid
Diffie-Hellman keys. A remote attacker could possibly use this flaw to
cause NSS to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5285)

Hubert Kario discovered that NSS incorrectly handled Diffie-Hellman client
key exchanges. A remote attacker could possibly use this flaw to perform a
small subgroup confinement attack and recover private keys. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-8635)

Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing
side-channel attacks. A remote attacker could possibly use this flaw to
recover private keys. (CVE-2016-9074)

This update refreshes the NSS package to version 3.26.2 which includes
the latest CA certificate bundle.

Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=xenial | < 3.26.2-0ubuntu0.16.04.2 |
pkg:deb/ubuntu/libnss3?distro=trusty | < 3.26.2-0ubuntu0.14.04.3 |
pkg:deb/ubuntu/libnss3-tools?distro=xenial | < 3.26.2-0ubuntu0.16.04.2 |
pkg:deb/ubuntu/libnss3-tools?distro=trusty | < 3.26.2-0ubuntu0.14.04.3 |
pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | < 3.26.2-0ubuntu0.16.04.2 |
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | < 3.26.2-0ubuntu0.14.04.3 |
pkg:deb/ubuntu/libnss3-dev?distro=xenial | < 3.26.2-0ubuntu0.16.04.2 |
pkg:deb/ubuntu/libnss3-dev?distro=trusty | < 3.26.2-0ubuntu0.14.04.3 |
pkg:deb/ubuntu/libnss3-1d?distro=xenial | < 3.26.2-0ubuntu0.16.04.2 |
pkg:deb/ubuntu/libnss3-1d?distro=trusty | < 3.26.2-0ubuntu0.14.04.3 |

- ID: USN-3163-1
- Severity: medium
- URL: https://ubuntu.com/security/notices/USN-3163-1
- Published: 2017-01-04T16:32:54
- Modified: 2017-01-04T16:32:54

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=xenial | ubuntu | libnss3 | < 3.26.2-0ubuntu0.16.04.2 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3?distro=trusty | ubuntu | libnss3 | < 3.26.2-0ubuntu0.14.04.3 | trusty | | |
Affected | pkg:deb/ubuntu/libnss3-tools?distro=xenial | ubuntu | libnss3-tools | < 3.26.2-0ubuntu0.16.04.2 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3-tools?distro=trusty | ubuntu | libnss3-tools | < 3.26.2-0ubuntu0.14.04.3 | trusty | | |
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | ubuntu | libnss3-nssdb | < 3.26.2-0ubuntu0.16.04.2 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | ubuntu | libnss3-nssdb | < 3.26.2-0ubuntu0.14.04.3 | trusty | | |
Affected | pkg:deb/ubuntu/libnss3-dev?distro=xenial | ubuntu | libnss3-dev | < 3.26.2-0ubuntu0.16.04.2 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3-dev?distro=trusty | ubuntu | libnss3-dev | < 3.26.2-0ubuntu0.14.04.3 | trusty | | |
Affected | pkg:deb/ubuntu/libnss3-1d?distro=xenial | ubuntu | libnss3-1d | < 3.26.2-0ubuntu0.16.04.2 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3-1d?distro=trusty | ubuntu | libnss3-1d | < 3.26.2-0ubuntu0.14.04.3 | trusty | | |