[USN-5872-1] NSS vulnerabilities
Severity
High
Affected Packages
10
CVEs
2
Several security issues were fixed in NSS.
Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7
sequence. A remote attacker could possibly use this issue to cause NSS to
crash, resulting in a denial of service. (CVE-2022-22747)
Ronald Crane discovered that NSS incorrectly handled certain memory
operations. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-34480)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm3 |
pkg:deb/ubuntu/libnss3?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm11 |
pkg:deb/ubuntu/libnss3-tools?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm3 |
pkg:deb/ubuntu/libnss3-tools?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm11 |
pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm3 |
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm11 |
pkg:deb/ubuntu/libnss3-dev?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm3 |
pkg:deb/ubuntu/libnss3-dev?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm11 |
pkg:deb/ubuntu/libnss3-1d?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm3 |
pkg:deb/ubuntu/libnss3-1d?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm11 |
- ID
- USN-5872-1
- Severity
- high
- Severity from
- CVE-2022-34480
- URL
- https://ubuntu.com/security/notices/USN-5872-1
- Published
-
2023-02-15T12:50:54
(19 months ago) - Modified
-
2023-02-15T12:50:54
(19 months ago) - Other Advisories
-
- ALAS2-2022-1818
- ALPINE:CVE-2022-22747
- ALPINE:CVE-2022-34480
- ALSA-2022:0129
- ALSA-2022:0130
- DSA-5044-1
- DSA-5045-1
- DSA-5062-1
- ELSA-2022-0124
- ELSA-2022-0127
- ELSA-2022-0129
- ELSA-2022-0130
- GLSA-202202-03
- GLSA-202208-08
- GLSA-202208-14
- MFSA-2022-01
- MFSA-2022-02
- MFSA-2022-03
- MFSA-2022-24
- openSUSE-SU-2022:0136-1
- openSUSE-SU-2022:0199-1
- RHSA-2022:0124
- RHSA-2022:0127
- RHSA-2022:0129
- RHSA-2022:0130
- SUSE-SU-2022:0115-1
- SUSE-SU-2022:0136-1
- SUSE-SU-2022:0137-1
- SUSE-SU-2022:0199-1
- SUSE-SU-2022:3272-1
- SUSE-SU-2022:3273-1
- SUSE-SU-2022:3396-1
- USN-5229-1
- USN-5246-1
- USN-5248-1
- USN-5504-1
- USN-5506-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=xenial | ubuntu | libnss3 | < 3.28.4-0ubuntu0.16.04.14+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3?distro=trusty | ubuntu | libnss3 | < 3.28.4-0ubuntu0.14.04.5+esm11 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=xenial | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.16.04.14+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=trusty | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.14.04.5+esm11 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | ubuntu | libnss3-nssdb | < 3.28.4-0ubuntu0.16.04.14+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | ubuntu | libnss3-nssdb | < 3.28.4-0ubuntu0.14.04.5+esm11 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=xenial | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.16.04.14+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=trusty | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.14.04.5+esm11 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=xenial | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.16.04.14+esm3 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=trusty | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.14.04.5+esm11 | trusty |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |