[USN-4203-2] NSS vulnerability
Severity
Medium
Affected Packages
9
CVEs
1
NSS could be made to crash or run programs if it received specially crafted input.
USN-4203-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that NSS incorrectly handled certain memory operations. A
remote attacker could use this issue to cause NSS to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm2 |
pkg:deb/ubuntu/libnss3?distro=precise | < 3.28.4-0ubuntu0.12.04.5 |
pkg:deb/ubuntu/libnss3-tools?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm2 |
pkg:deb/ubuntu/libnss3-tools?distro=precise | < 3.28.4-0ubuntu0.12.04.5 |
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm2 |
pkg:deb/ubuntu/libnss3-dev?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm2 |
pkg:deb/ubuntu/libnss3-dev?distro=precise | < 3.28.4-0ubuntu0.12.04.5 |
pkg:deb/ubuntu/libnss3-1d?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm2 |
pkg:deb/ubuntu/libnss3-1d?distro=precise | < 3.28.4-0ubuntu0.12.04.5 |
- ID
- USN-4203-2
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-4203-2
- Published
-
2019-11-27T18:23:47
(4 years ago) - Modified
-
2019-11-27T18:23:47
(4 years ago) - Other Advisories
-
- ALAS-2020-1355
- ALAS2-2020-1379
- ALAS2-2020-1384
- ALAS2-2024-2470
- ALPINE:CVE-2019-11745
- ASA-201912-1
- ASA-201912-2
- DSA-4579-1
- ELSA-2019-4114
- ELSA-2019-4152
- ELSA-2019-4190
- GLSA-202003-02
- GLSA-202003-10
- GLSA-202003-37
- MFSA-2019-36
- MFSA-2019-37
- MFSA-2019-38
- openSUSE-SU-2020:0002-1
- openSUSE-SU-2020:0003-1
- openSUSE-SU-2020:0008-1
- RHSA-2019:4114
- RHSA-2019:4152
- RHSA-2019:4190
- SSA:2019-337-01
- SUSE-SU-2019:3337-1
- SUSE-SU-2019:3339-1
- SUSE-SU-2019:3347-1
- SUSE-SU-2019:3395-1
- SUSE-SU-2020:0088-1
- USN-4203-1
- USN-4216-1
- USN-4216-2
- USN-4241-1
- USN-4335-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=trusty | ubuntu | libnss3 | < 3.28.4-0ubuntu0.14.04.5+esm2 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3?distro=precise | ubuntu | libnss3 | < 3.28.4-0ubuntu0.12.04.5 | precise | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=trusty | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.14.04.5+esm2 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=precise | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.12.04.5 | precise | ||
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | ubuntu | libnss3-nssdb | < 3.28.4-0ubuntu0.14.04.5+esm2 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=trusty | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.14.04.5+esm2 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=precise | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.12.04.5 | precise | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=trusty | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.14.04.5+esm2 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=precise | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.12.04.5 | precise |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |