[USN-5168-3] NSS vulnerability
Severity: High
Affected Packages: 10
CVEs: 1
NSS could be made to crash or run programs if it verified a specially crafted signature.
USN-5168-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS
signatures. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm1 |
pkg:deb/ubuntu/libnss3?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm9 |
pkg:deb/ubuntu/libnss3-tools?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm1 |
pkg:deb/ubuntu/libnss3-tools?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm9 |
pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm1 |
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm9 |
pkg:deb/ubuntu/libnss3-dev?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm1 |
pkg:deb/ubuntu/libnss3-dev?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm9 |
pkg:deb/ubuntu/libnss3-1d?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm1 |
pkg:deb/ubuntu/libnss3-1d?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm9 |
- ID: USN-5168-3
- Severity: high
- URL: https://ubuntu.com/security/notices/USN-5168-3
- Published: 2021-12-01T18:02:43
- Modified: 2021-12-01T18:02:43

Other Advisories:
- ALAS-2021-1552
- ALAS2-2021-1722
- ALPINE:CVE-2021-43527
- ALSA-2021:4903
- ASA-202112-3
- ASA-202112-4
- DSA-5016-1
- ELSA-2021-4903
- ELSA-2021-4904
- ELSA-2021-9591
- FEDORA-2021-d0be347892
- FEDORA-2021-d8e9f6222a
- FREEBSD:47695A9C-5377-11EC-8BE6-D4C9EF517024
- GLSA-202212-05
- MFSA-2021-51
- MS:CVE-2021-43527
- openSUSE-SU-2021:3934-1
- RHSA-2021:4903
- RHSA-2021:4904
- RLSA-2021:4903
- SSA:2021-337-01
- SSA:2023-006-01
- SUSE-SU-2021:3934-1
- SUSE-SU-2021:3939-1
- SUSE-SU-2022:2536-1
- SUSE-SU-2024:2008-1
- SUSE-SU-2024:2010-1
- SUSE-SU-2024:2011-1
- SUSE-SU-2024:2019-1
- SUSE-SU-2024:2183-1
- SUSE-SU-2024:2185-1
- SUSE-SU-2024:2189-1
- SUSE-SU-2024:2190-1
- USN-5168-1
- USN-5168-2
- USN-5168-4
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=xenial | ubuntu | libnss3 | < 3.28.4-0ubuntu0.16.04.14+esm1 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3?distro=trusty | ubuntu | libnss3 | < 3.28.4-0ubuntu0.14.04.5+esm9 | trusty | | |
Affected | pkg:deb/ubuntu/libnss3-tools?distro=xenial | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.16.04.14+esm1 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3-tools?distro=trusty | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.14.04.5+esm9 | trusty | | |
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | ubuntu | libnss3-nssdb | < 3.28.4-0ubuntu0.16.04.14+esm1 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | ubuntu | libnss3-nssdb | < 3.28.4-0ubuntu0.14.04.5+esm9 | trusty | | |
Affected | pkg:deb/ubuntu/libnss3-dev?distro=xenial | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.16.04.14+esm1 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3-dev?distro=trusty | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.14.04.5+esm9 | trusty | | |
Affected | pkg:deb/ubuntu/libnss3-1d?distro=xenial | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.16.04.14+esm1 | xenial | | |
Affected | pkg:deb/ubuntu/libnss3-1d?distro=trusty | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.14.04.5+esm9 | trusty | | |