[USN-5892-2] NSS vulnerability
Severity
High
Affected Packages
10
CVEs
1
NSS could be made to crash if it received a specially crafted certificate.
USN-5892-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Christian Holler discovered that NSS incorrectly handled certain PKCS 12
certificated bundles. A remote attacker could use this issue to cause NSS
to crash, leading to a denial of service, or possibly execute arbitrary
code. (CVE-2023-0767)
Package | Affected Version |
---|---|
pkg:deb/ubuntu/libnss3?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm4 |
pkg:deb/ubuntu/libnss3?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm12 |
pkg:deb/ubuntu/libnss3-tools?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm4 |
pkg:deb/ubuntu/libnss3-tools?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm12 |
pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm4 |
pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm12 |
pkg:deb/ubuntu/libnss3-dev?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm4 |
pkg:deb/ubuntu/libnss3-dev?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm12 |
pkg:deb/ubuntu/libnss3-1d?distro=xenial | < 3.28.4-0ubuntu0.16.04.14+esm4 |
pkg:deb/ubuntu/libnss3-1d?distro=trusty | < 3.28.4-0ubuntu0.14.04.5+esm12 |
- ID
- USN-5892-2
- Severity
- high
- Severity from
- CVE-2023-0767
- URL
- https://ubuntu.com/security/notices/USN-5892-2
- Published
-
2023-03-06T16:26:06
(18 months ago) - Modified
-
2023-03-06T16:26:06
(18 months ago) - Other Advisories
-
- ALAS-2023-1736
- ALAS2-2023-1983
- ALAS2-2023-1992
- ALPINE:CVE-2023-0767
- ALSA-2023:0808
- ALSA-2023:0810
- ALSA-2023:0821
- ALSA-2023:0824
- ALSA-2023:1252
- ALSA-2023:1368
- DSA-5350-1
- DSA-5353-1
- DSA-5355-1
- ELSA-2023-0808
- ELSA-2023-0810
- ELSA-2023-0812
- ELSA-2023-0817
- ELSA-2023-0821
- ELSA-2023-0824
- ELSA-2023-12238
- ELSA-2023-1252
- ELSA-2023-1332
- ELSA-2023-1368
- GLSA-202305-35
- GLSA-202305-36
- MFSA-2023-05
- MFSA-2023-06
- MFSA-2023-07
- RHSA-2023:1252
- RHSA-2023:1332
- RHSA-2023:1368
- RLSA-2023:0808
- RLSA-2023:0810
- RLSA-2023:0821
- RLSA-2023:0824
- RLSA-2023:1252
- RLSA-2023:1368
- SSA:2023-045-01
- SSA:2023-047-01
- SUSE-SU-2023:0434-1
- SUSE-SU-2023:0443-1
- SUSE-SU-2023:0461-1
- SUSE-SU-2023:0466-1
- SUSE-SU-2023:0468-1
- SUSE-SU-2023:0469-1
- SUSE-SU-2023:0599-1
- USN-5880-1
- USN-5892-1
- USN-5943-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:deb/ubuntu/libnss3?distro=xenial | ubuntu | libnss3 | < 3.28.4-0ubuntu0.16.04.14+esm4 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3?distro=trusty | ubuntu | libnss3 | < 3.28.4-0ubuntu0.14.04.5+esm12 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=xenial | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.16.04.14+esm4 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3-tools?distro=trusty | ubuntu | libnss3-tools | < 3.28.4-0ubuntu0.14.04.5+esm12 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=xenial | ubuntu | libnss3-nssdb | < 3.28.4-0ubuntu0.16.04.14+esm4 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3-nssdb?distro=trusty | ubuntu | libnss3-nssdb | < 3.28.4-0ubuntu0.14.04.5+esm12 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=xenial | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.16.04.14+esm4 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3-dev?distro=trusty | ubuntu | libnss3-dev | < 3.28.4-0ubuntu0.14.04.5+esm12 | trusty | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=xenial | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.16.04.14+esm4 | xenial | ||
Affected | pkg:deb/ubuntu/libnss3-1d?distro=trusty | ubuntu | libnss3-1d | < 3.28.4-0ubuntu0.14.04.5+esm12 | trusty |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |