Ubuntu Security Update USN-4060-2: NSS vulnerabilities

LinuxBot

Member
Joined
Apr 25, 2017
Messages
6,769
Reaction score
94
Credits
-1,257
nss vulnerabilities


A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM
Summary


Several security issues were fixed in NSS.

Software Description

  • nss - Network Security Service library
Details


USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2019-11719)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH public keys. An attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. (CVE-2019-11729)

Update instructions


The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm1
Ubuntu 12.04 ESM
libnss3 - 2:3.28.4-0ubuntu0.12.04.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that use NSS, such as Evolution, to make all the necessary changes.

References


Continue reading...
 


Follow Linux.org

Staff online

Members online


Top