[USN-4397-2] NSS vulnerability
Severity
Medium
Affected Packages
9
CVEs
1
NSS could be made to expose sensitive information over the network.
USN-4397-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key
generation. A local attacker could possibly use this issue to perform a
timing attack and recover DSA keys. (CVE-2020-12399)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm5 |
pkg:deb/ubuntu/libnss3?distro=precise | < 3.28.4-0ubuntu0.12.04.8 |
pkg:deb/ubuntu/libnss3-tools?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm5 |
pkg:deb/ubuntu/libnss3-tools?distro=precise | < 3.28.4-0ubuntu0.12.04.8 |
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm5 |
pkg:deb/ubuntu/libnss3-dev?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm5 |
pkg:deb/ubuntu/libnss3-dev?distro=precise | < 3.28.4-0ubuntu0.12.04.8 |
pkg:deb/ubuntu/libnss3-1d?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm5 |
pkg:deb/ubuntu/libnss3-1d?distro=precise | < 3.28.4-0ubuntu0.12.04.8 |
- ID
- USN-4397-2
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-4397-2
- Published
-
2020-06-17T15:11:15
(4 years ago) - Modified
-
2020-06-17T15:11:15
(4 years ago) - Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=trusty | ubuntu | libnss3 | < 3.28.4-0ubuntu0.14.04.5+esm5 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3?distro=precise | ubuntu | libnss3 | < 3.28.4-0ubuntu0.12.04.8 | precise | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=trusty | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.14.04.5+esm5 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=precise | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.12.04.8 | precise | ||
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | ubuntu | libnss3-nssdb | < 3.28.4-0ubuntu0.14.04.5+esm5 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=trusty | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.14.04.5+esm5 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=precise | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.12.04.8 | precise | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=trusty | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.14.04.5+esm5 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=precise | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.12.04.8 | precise |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |