[USN-5168-1] NSS vulnerability
Severity
High
Affected Packages
12
CVEs
1
NSS could be made to crash or run programs if it verified a specially crafted signature.
Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS
signatures. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=impish | < 3.68-1ubuntu1.1 |
pkg:deb/ubuntu/libnss3?distro=hirsute | < 3.61-1ubuntu2.1 |
pkg:deb/ubuntu/libnss3?distro=focal | < 3.49.1-1ubuntu1.6 |
pkg:deb/ubuntu/libnss3?distro=bionic | < 3.35-2ubuntu2.13 |
pkg:deb/ubuntu/libnss3-tools?distro=impish | < 3.68-1ubuntu1.1 |
pkg:deb/ubuntu/libnss3-tools?distro=hirsute | < 3.61-1ubuntu2.1 |
pkg:deb/ubuntu/libnss3-tools?distro=focal | < 3.49.1-1ubuntu1.6 |
pkg:deb/ubuntu/libnss3-tools?distro=bionic | < 3.35-2ubuntu2.13 |
pkg:deb/ubuntu/libnss3-dev?distro=impish | < 3.68-1ubuntu1.1 |
pkg:deb/ubuntu/libnss3-dev?distro=hirsute | < 3.61-1ubuntu2.1 |
pkg:deb/ubuntu/libnss3-dev?distro=focal | < 3.49.1-1ubuntu1.6 |
pkg:deb/ubuntu/libnss3-dev?distro=bionic | < 3.35-2ubuntu2.13 |
- ID
- USN-5168-1
- Severity
- high
- URL
- https://ubuntu.com/security/notices/USN-5168-1
- Published
-
2021-12-01T16:49:18
(2 years ago) - Modified
-
2021-12-01T16:49:18
(2 years ago) - Other Advisories
-
- ALAS-2021-1552
- ALAS2-2021-1722
- ALPINE:CVE-2021-43527
- ALSA-2021:4903
- ASA-202112-3
- ASA-202112-4
- DSA-5016-1
- ELSA-2021-4903
- ELSA-2021-4904
- ELSA-2021-9591
- FEDORA-2021-d0be347892
- FEDORA-2021-d8e9f6222a
- FREEBSD:47695A9C-5377-11EC-8BE6-D4C9EF517024
- GLSA-202212-05
- MFSA-2021-51
- MS:CVE-2021-43527
- openSUSE-SU-2021:3934-1
- RHSA-2021:4903
- RHSA-2021:4904
- RLSA-2021:4903
- SSA:2021-337-01
- SSA:2023-006-01
- SUSE-SU-2021:3934-1
- SUSE-SU-2021:3939-1
- SUSE-SU-2022:2536-1
- SUSE-SU-2024:2008-1
- SUSE-SU-2024:2010-1
- SUSE-SU-2024:2011-1
- SUSE-SU-2024:2019-1
- SUSE-SU-2024:2183-1
- SUSE-SU-2024:2185-1
- SUSE-SU-2024:2189-1
- SUSE-SU-2024:2190-1
- USN-5168-2
- USN-5168-3
- USN-5168-4
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=impish | ubuntu | libnss3 | < 3.68-1ubuntu1.1 | impish | ||
Affected | pkg:deb/ubuntu/libnss3?distro=hirsute | ubuntu | libnss3 | < 3.61-1ubuntu2.1 | hirsute | ||
Affected | pkg:deb/ubuntu/libnss3?distro=focal | ubuntu | libnss3 | < 3.49.1-1ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/libnss3?distro=bionic | ubuntu | libnss3 | < 3.35-2ubuntu2.13 | bionic | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=impish | ubuntu | libnss3-tools | < 3.68-1ubuntu1.1 | impish | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=hirsute | ubuntu | libnss3-tools | < 3.61-1ubuntu2.1 | hirsute | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=focal | ubuntu | libnss3-tools | < 3.49.1-1ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=bionic | ubuntu | libnss3-tools | < 3.35-2ubuntu2.13 | bionic | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=impish | ubuntu | libnss3-dev | < 3.68-1ubuntu1.1 | impish | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=hirsute | ubuntu | libnss3-dev | < 3.61-1ubuntu2.1 | hirsute | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=focal | ubuntu | libnss3-dev | < 3.49.1-1ubuntu1.6 | focal | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=bionic | ubuntu | libnss3-dev | < 3.35-2ubuntu2.13 | bionic |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |