[USN-4417-1] NSS vulnerability
Severity
Medium
Affected Packages
14
CVEs
1
NSS could be made to expose sensitive information.
Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered
that NSS incorrectly handled RSA key generation. A local attacker could
possibly use this issue to perform a timing attack and recover RSA keys.
| Package | Affected Version |
|---|---|
 pkg:deb/ubuntu/libnss3?distro=xenial
|
< 3.28.4-0ubuntu0.16.04.12 |
|
pkg:deb/ubuntu/libnss3?distro=focal
|
< 3.49.1-1ubuntu1.2 |
|
pkg:deb/ubuntu/libnss3?distro=eoan
|
< 3.45-1ubuntu2.4 |
|
pkg:deb/ubuntu/libnss3?distro=bionic
|
< 3.35-2ubuntu2.9 |
|
pkg:deb/ubuntu/libnss3-tools?distro=xenial
|
< 3.28.4-0ubuntu0.16.04.12 |
|
pkg:deb/ubuntu/libnss3-tools?distro=focal
|
< 3.49.1-1ubuntu1.2 |
|
pkg:deb/ubuntu/libnss3-tools?distro=eoan
|
< 3.45-1ubuntu2.4 |
|
pkg:deb/ubuntu/libnss3-tools?distro=bionic
|
< 3.35-2ubuntu2.9 |
|
pkg:deb/ubuntu/libnss3-nssdb?distro=xenial
|
< 3.28.4-0ubuntu0.16.04.12 |
|
pkg:deb/ubuntu/libnss3-dev?distro=xenial
|
< 3.28.4-0ubuntu0.16.04.12 |
|
pkg:deb/ubuntu/libnss3-dev?distro=focal
|
< 3.49.1-1ubuntu1.2 |
|
pkg:deb/ubuntu/libnss3-dev?distro=eoan
|
< 3.45-1ubuntu2.4 |
|
pkg:deb/ubuntu/libnss3-dev?distro=bionic
|
< 3.35-2ubuntu2.9 |
|
pkg:deb/ubuntu/libnss3-1d?distro=xenial
|
< 3.28.4-0ubuntu0.16.04.12 |
- ID
- USN-4417-1
- Severity
- medium
- URL
- https://ubuntu.com/security/notices/USN-4417-1
- Published
-
2020-07-06T18:16:28
(4 years ago) - Modified
-
2020-07-06T18:16:28
(4 years ago) - Other Advisories
-
-
ALAS-2021-1522
-
ALAS2-2020-1559
-
ALPINE:CVE-2020-12402
-
ALSA-2020:3280
-
DSA-4726-1
-
ELSA-2020-3280
-
ELSA-2020-4076
-
FEDORA-2020-16741ac7ff
-
FEDORA-2020-3ef1937475
-
GLSA-202007-10
-
MFSA-2020-24
-
MFSA-2020-29
-
openSUSE-SU-2020:0953-1
-
openSUSE-SU-2020:0955-1
-
openSUSE-SU-2020:0983-1
-
openSUSE-SU-2020:1017-1
-
RHSA-2020:3280
-
RHSA-2020:4076
-
SUSE-SU-2020:1839-1
-
SUSE-SU-2020:1850-1
-
SUSE-SU-2020:1898-1
-
SUSE-SU-2020:1899-1
-
USN-4417-2
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/libnss3?distro=xenial | ubuntu |
libnss3
|
< 3.28.4-0ubuntu0.16.04.12 | xenial | ||
| Affected | pkg:deb/ubuntu/libnss3?distro=focal | ubuntu |
libnss3
|
< 3.49.1-1ubuntu1.2 | focal | ||
| Affected | pkg:deb/ubuntu/libnss3?distro=eoan | ubuntu |
libnss3
|
< 3.45-1ubuntu2.4 | eoan | ||
| Affected | pkg:deb/ubuntu/libnss3?distro=bionic | ubuntu |
libnss3
|
< 3.35-2ubuntu2.9 | bionic | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=xenial | ubuntu |
libnss3-tools
|
< 3.28.4-0ubuntu0.16.04.12 | xenial | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=focal | ubuntu |
libnss3-tools
|
< 3.49.1-1ubuntu1.2 | focal | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=eoan | ubuntu |
libnss3-tools
|
< 3.45-1ubuntu2.4 | eoan | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=bionic | ubuntu |
libnss3-tools
|
< 3.35-2ubuntu2.9 | bionic | ||
| Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | ubuntu |
libnss3-nssdb
|
< 3.28.4-0ubuntu0.16.04.12 | xenial | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=xenial | ubuntu |
libnss3-dev
|
< 3.28.4-0ubuntu0.16.04.12 | xenial | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=focal | ubuntu |
libnss3-dev
|
< 3.49.1-1ubuntu1.2 | focal | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=eoan | ubuntu |
libnss3-dev
|
< 3.45-1ubuntu2.4 | eoan | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=bionic | ubuntu |
libnss3-dev
|
< 3.35-2ubuntu2.9 | bionic | ||
| Affected | pkg:deb/ubuntu/libnss3-1d?distro=xenial | ubuntu |
libnss3-1d
|
< 3.28.4-0ubuntu0.16.04.12 | xenial |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |