[USN-5892-1] NSS vulnerabilities
Severity
High
Affected Packages
12
CVEs
2
Several security issues were fixed in NSS.
It was discovered that NSS incorrectly handled client authentication
without a user certificate in the database. A remote attacker could
possibly use this issue to cause a NSS client to crash, resulting in a
denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-3479)
Christian Holler discovered that NSS incorrectly handled certain PKCS 12
certificated bundles. A remote attacker could use this issue to cause NSS
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2023-0767)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=kinetic | < 3.82-1ubuntu0.1 |
pkg:deb/ubuntu/libnss3?distro=jammy | < 3.68.2-0ubuntu1.2 |
pkg:deb/ubuntu/libnss3?distro=focal | < 3.49.1-1ubuntu1.9 |
pkg:deb/ubuntu/libnss3?distro=bionic | < 3.35-2ubuntu2.16 |
pkg:deb/ubuntu/libnss3-tools?distro=kinetic | < 3.82-1ubuntu0.1 |
pkg:deb/ubuntu/libnss3-tools?distro=jammy | < 3.68.2-0ubuntu1.2 |
pkg:deb/ubuntu/libnss3-tools?distro=focal | < 3.49.1-1ubuntu1.9 |
pkg:deb/ubuntu/libnss3-tools?distro=bionic | < 3.35-2ubuntu2.16 |
pkg:deb/ubuntu/libnss3-dev?distro=kinetic | < 3.82-1ubuntu0.1 |
pkg:deb/ubuntu/libnss3-dev?distro=jammy | < 3.68.2-0ubuntu1.2 |
pkg:deb/ubuntu/libnss3-dev?distro=focal | < 3.49.1-1ubuntu1.9 |
pkg:deb/ubuntu/libnss3-dev?distro=bionic | < 3.35-2ubuntu2.16 |
- ID
- USN-5892-1
- Severity
- high
- Severity from
- CVE-2023-0767
- URL
- https://ubuntu.com/security/notices/USN-5892-1
- Published
-
2023-02-27T12:44:07
(18 months ago) - Modified
-
2023-02-27T12:44:07
(18 months ago) - Other Advisories
-
- ALAS-2023-1736
- ALAS2-2023-1983
- ALAS2-2023-1992
- ALPINE:CVE-2022-3479
- ALPINE:CVE-2023-0767
- ALSA-2023:0808
- ALSA-2023:0810
- ALSA-2023:0821
- ALSA-2023:0824
- ALSA-2023:1252
- ALSA-2023:1368
- DSA-5350-1
- DSA-5353-1
- DSA-5355-1
- ELSA-2023-0808
- ELSA-2023-0810
- ELSA-2023-0812
- ELSA-2023-0817
- ELSA-2023-0821
- ELSA-2023-0824
- ELSA-2023-12238
- ELSA-2023-1252
- ELSA-2023-1332
- ELSA-2023-1368
- GLSA-202212-05
- GLSA-202305-35
- GLSA-202305-36
- MFSA-2023-05
- MFSA-2023-06
- MFSA-2023-07
- RHSA-2023:1252
- RHSA-2023:1332
- RHSA-2023:1368
- RLSA-2023:0808
- RLSA-2023:0810
- RLSA-2023:0821
- RLSA-2023:0824
- RLSA-2023:1252
- RLSA-2023:1368
- SSA:2022-307-01
- SSA:2023-045-01
- SSA:2023-047-01
- SUSE-SU-2023:0118-1
- SUSE-SU-2023:0119-1
- SUSE-SU-2023:0130-1
- SUSE-SU-2023:0434-1
- SUSE-SU-2023:0443-1
- SUSE-SU-2023:0461-1
- SUSE-SU-2023:0466-1
- SUSE-SU-2023:0468-1
- SUSE-SU-2023:0469-1
- SUSE-SU-2023:0599-1
- USN-5880-1
- USN-5892-2
- USN-5943-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=kinetic | ubuntu | libnss3 | < 3.82-1ubuntu0.1 | kinetic | ||
Affected | pkg:deb/ubuntu/libnss3?distro=jammy | ubuntu | libnss3 | < 3.68.2-0ubuntu1.2 | jammy | ||
Affected | pkg:deb/ubuntu/libnss3?distro=focal | ubuntu | libnss3 | < 3.49.1-1ubuntu1.9 | focal | ||
Affected | pkg:deb/ubuntu/libnss3?distro=bionic | ubuntu | libnss3 | < 3.35-2ubuntu2.16 | bionic | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=kinetic | ubuntu | libnss3-tools | < 3.82-1ubuntu0.1 | kinetic | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=jammy | ubuntu | libnss3-tools | < 3.68.2-0ubuntu1.2 | jammy | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=focal | ubuntu | libnss3-tools | < 3.49.1-1ubuntu1.9 | focal | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=bionic | ubuntu | libnss3-tools | < 3.35-2ubuntu2.16 | bionic | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=kinetic | ubuntu | libnss3-dev | < 3.82-1ubuntu0.1 | kinetic | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=jammy | ubuntu | libnss3-dev | < 3.68.2-0ubuntu1.2 | jammy | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=focal | ubuntu | libnss3-dev | < 3.49.1-1ubuntu1.9 | focal | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=bionic | ubuntu | libnss3-dev | < 3.35-2ubuntu2.16 | bionic |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |