[USN-5168-1] NSS vulnerability
Severity
High
Affected Packages
12
CVEs
1
NSS could be made to crash or run programs if it verified a specially crafted signature.
Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS
signatures. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
| Package | Affected Version |
|---|---|
 pkg:deb/ubuntu/libnss3?distro=impish
|
< 3.68-1ubuntu1.1 |
|
pkg:deb/ubuntu/libnss3?distro=hirsute
|
< 3.61-1ubuntu2.1 |
|
pkg:deb/ubuntu/libnss3?distro=focal
|
< 3.49.1-1ubuntu1.6 |
|
pkg:deb/ubuntu/libnss3?distro=bionic
|
< 3.35-2ubuntu2.13 |
|
pkg:deb/ubuntu/libnss3-tools?distro=impish
|
< 3.68-1ubuntu1.1 |
|
pkg:deb/ubuntu/libnss3-tools?distro=hirsute
|
< 3.61-1ubuntu2.1 |
|
pkg:deb/ubuntu/libnss3-tools?distro=focal
|
< 3.49.1-1ubuntu1.6 |
|
pkg:deb/ubuntu/libnss3-tools?distro=bionic
|
< 3.35-2ubuntu2.13 |
|
pkg:deb/ubuntu/libnss3-dev?distro=impish
|
< 3.68-1ubuntu1.1 |
|
pkg:deb/ubuntu/libnss3-dev?distro=hirsute
|
< 3.61-1ubuntu2.1 |
|
pkg:deb/ubuntu/libnss3-dev?distro=focal
|
< 3.49.1-1ubuntu1.6 |
|
pkg:deb/ubuntu/libnss3-dev?distro=bionic
|
< 3.35-2ubuntu2.13 |
- ID
- USN-5168-1
- Severity
- high
- URL
- https://ubuntu.com/security/notices/USN-5168-1
- Published
-
2021-12-01T16:49:18
(2 years ago) - Modified
-
2021-12-01T16:49:18
(2 years ago) - Other Advisories
-
-
ALAS-2021-1552
-
ALAS2-2021-1722
-
ALPINE:CVE-2021-43527
-
ALSA-2021:4903
-
ASA-202112-3
-
ASA-202112-4
-
DSA-5016-1
-
ELSA-2021-4903
-
ELSA-2021-4904
-
ELSA-2021-9591
-
FEDORA-2021-d0be347892
-
FEDORA-2021-d8e9f6222a
-
FREEBSD:47695A9C-5377-11EC-8BE6-D4C9EF517024
-
GLSA-202212-05
-
MFSA-2021-51
-
MS:CVE-2021-43527
-
openSUSE-SU-2021:3934-1
-
RHSA-2021:4903
-
RHSA-2021:4904
-
RLSA-2021:4903
-
SSA:2021-337-01
-
SSA:2023-006-01
-
SUSE-SU-2021:3934-1
-
SUSE-SU-2021:3939-1
-
SUSE-SU-2022:2536-1
-
SUSE-SU-2024:2008-1
-
SUSE-SU-2024:2010-1
-
SUSE-SU-2024:2011-1
-
SUSE-SU-2024:2019-1
-
SUSE-SU-2024:2183-1
-
SUSE-SU-2024:2185-1
-
SUSE-SU-2024:2189-1
-
SUSE-SU-2024:2190-1
-
USN-5168-2
-
USN-5168-3
-
USN-5168-4
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:deb/ubuntu/libnss3?distro=impish | ubuntu |
libnss3
|
< 3.68-1ubuntu1.1 | impish | ||
| Affected | pkg:deb/ubuntu/libnss3?distro=hirsute | ubuntu |
libnss3
|
< 3.61-1ubuntu2.1 | hirsute | ||
| Affected | pkg:deb/ubuntu/libnss3?distro=focal | ubuntu |
libnss3
|
< 3.49.1-1ubuntu1.6 | focal | ||
| Affected | pkg:deb/ubuntu/libnss3?distro=bionic | ubuntu |
libnss3
|
< 3.35-2ubuntu2.13 | bionic | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=impish | ubuntu |
libnss3-tools
|
< 3.68-1ubuntu1.1 | impish | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=hirsute | ubuntu |
libnss3-tools
|
< 3.61-1ubuntu2.1 | hirsute | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=focal | ubuntu |
libnss3-tools
|
< 3.49.1-1ubuntu1.6 | focal | ||
| Affected | pkg:deb/ubuntu/libnss3-tools?distro=bionic | ubuntu |
libnss3-tools
|
< 3.35-2ubuntu2.13 | bionic | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=impish | ubuntu |
libnss3-dev
|
< 3.68-1ubuntu1.1 | impish | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=hirsute | ubuntu |
libnss3-dev
|
< 3.61-1ubuntu2.1 | hirsute | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=focal | ubuntu |
libnss3-dev
|
< 3.49.1-1ubuntu1.6 | focal | ||
| Affected | pkg:deb/ubuntu/libnss3-dev?distro=bionic | ubuntu |
libnss3-dev
|
< 3.35-2ubuntu2.13 | bionic |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |