[USN-3163-1] NSS vulnerabilities

Severity: Medium
Affected Packages: 10
CVEs: 3

Several security issues were fixed in NSS.

It was discovered that NSS incorrectly handled certain invalid
Diffie-Hellman keys. A remote attacker could possibly use this flaw to
cause NSS to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5285)

Hubert Kario discovered that NSS incorrectly handled Diffie-Hellman client
key exchanges. A remote attacker could possibly use this flaw to perform a
small subgroup confinement attack and recover private keys. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-8635)

Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing
side-channel attacks. A remote attacker could possibly use this flaw to
recover private keys. (CVE-2016-9074)

This update refreshes the NSS package to version 3.26.2 which includes
the latest CA certificate bundle.

Package                                     Affected Version
pkg:deb/ubuntu/libnss3?distro=xenial        < 3.26.2-0ubuntu0.16.04.2
pkg:deb/ubuntu/libnss3?distro=trusty        < 3.26.2-0ubuntu0.14.04.3
pkg:deb/ubuntu/libnss3-tools?distro=xenial  < 3.26.2-0ubuntu0.16.04.2
pkg:deb/ubuntu/libnss3-tools?distro=trusty  < 3.26.2-0ubuntu0.14.04.3
pkg:deb/ubuntu/libnss3-nssdb?distro=xenial  < 3.26.2-0ubuntu0.16.04.2
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty  < 3.26.2-0ubuntu0.14.04.3
pkg:deb/ubuntu/libnss3-dev?distro=xenial    < 3.26.2-0ubuntu0.16.04.2
pkg:deb/ubuntu/libnss3-dev?distro=trusty    < 3.26.2-0ubuntu0.14.04.3
pkg:deb/ubuntu/libnss3-1d?distro=xenial     < 3.26.2-0ubuntu0.16.04.2
pkg:deb/ubuntu/libnss3-1d?distro=trusty     < 3.26.2-0ubuntu0.14.04.3