1. Home
  2. Security Advisories
  3. Ubuntu
  4. USN-4397-2

[USN-4397-2] NSS vulnerability

Severity Medium
Affected Packages 9
CVEs 1
Info Packages Vulnerabilities

NSS could be made to expose sensitive information over the network.

USN-4397-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key
generation. A local attacker could possibly use this issue to perform a
timing attack and recover DSA keys. (CVE-2020-12399)

Package Affected Version
pkg:deb/ubuntu/libnss3?distro=trusty < 3.28.4-0ubuntu0.14.04.5+esm5
pkg:deb/ubuntu/libnss3?distro=precise < 3.28.4-0ubuntu0.12.04.8
pkg:deb/ubuntu/libnss3-tools?distro=trusty < 3.28.4-0ubuntu0.14.04.5+esm5
pkg:deb/ubuntu/libnss3-tools?distro=precise < 3.28.4-0ubuntu0.12.04.8
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty < 3.28.4-0ubuntu0.14.04.5+esm5
pkg:deb/ubuntu/libnss3-dev?distro=trusty < 3.28.4-0ubuntu0.14.04.5+esm5
pkg:deb/ubuntu/libnss3-dev?distro=precise < 3.28.4-0ubuntu0.12.04.8
pkg:deb/ubuntu/libnss3-1d?distro=trusty < 3.28.4-0ubuntu0.14.04.5+esm5
pkg:deb/ubuntu/libnss3-1d?distro=precise < 3.28.4-0ubuntu0.12.04.8
ID
USN-4397-2
Severity
medium
URL
https://ubuntu.com/security/notices/USN-4397-2
Published
2020-06-17T15:11:15
(4 years ago)
Modified
2020-06-17T15:11:15
(4 years ago)
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:deb/ubuntu/libnss3?distro=trusty ubuntu libnss3 < 3.28.4-0ubuntu0.14.04.5+esm5 trusty
Affected pkg:deb/ubuntu/libnss3?distro=precise ubuntu libnss3 < 3.28.4-0ubuntu0.12.04.8 precise
Affected pkg:deb/ubuntu/libnss3-tools?distro=trusty ubuntu libnss3-tools < 3.28.4-0ubuntu0.14.04.5+esm5 trusty
Affected pkg:deb/ubuntu/libnss3-tools?distro=precise ubuntu libnss3-tools < 3.28.4-0ubuntu0.12.04.8 precise
Affected pkg:deb/ubuntu/libnss3-nssdb?distro=trusty ubuntu libnss3-nssdb < 3.28.4-0ubuntu0.14.04.5+esm5 trusty
Affected pkg:deb/ubuntu/libnss3-dev?distro=trusty ubuntu libnss3-dev < 3.28.4-0ubuntu0.14.04.5+esm5 trusty
Affected pkg:deb/ubuntu/libnss3-dev?distro=precise ubuntu libnss3-dev < 3.28.4-0ubuntu0.12.04.8 precise
Affected pkg:deb/ubuntu/libnss3-1d?distro=trusty ubuntu libnss3-1d < 3.28.4-0ubuntu0.14.04.5+esm5 trusty
Affected pkg:deb/ubuntu/libnss3-1d?distro=precise ubuntu libnss3-1d < 3.28.4-0ubuntu0.12.04.8 precise
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date