UbuntuUpdates.org

Package "libnss3-tools"

Name: libnss3-tools

Description:

Network Security Service tools
Latest version: 2:3.98-0ubuntu0.22.04.2
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: nss
Homepage: http://www.mozilla.org/projects/security/pki/nss/tools/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libnss3-tools"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libnss3-tools" in Jammy

Repository Area Version
base universe 2:3.68.2-0ubuntu1
security universe 2:3.98-0ubuntu0.22.04.2

Changelog

Version: 2:3.98-0ubuntu0.22.04.2 2024-04-11 22:06:53 UTC

  nss (2:3.98-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY REGRESSION: failure to open modules (LP: #2060906)
    - debian/patches/85_security_load.patch: fix broken patch preventing
      module loading.

 -- Marc Deslauriers <email address hidden> Thu, 11 Apr 2024 10:19:22 -0400
Source diff to previous version
2060906 attempt to add opensc using modutil suddenly fails

Version: 2:3.98-0ubuntu0.22.04.1 2024-04-10 20:06:56 UTC

  nss (2:3.98-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Updated to upstream 3.98 to fix security issues and get a new CA
    certificate bundle.
    - CVE-2023-5388: timing issue in RSA operations
    - CVE-2023-6135: side-channel in multiple NSS NIST curves
  * Removed patches included in new version:
    - debian/patches/set-tls1.2-as-minimum.patch
    - debian/patches/CVE-2022-34480.patch
    - debian/patches/CVE-2023-0767.patch
  * Updated patches for new version:
    - debian/patches/38_hppa.patch
    - debian/patches/85_security_load.patch
    - debian/patches/disable_fips_enabled_read.patch
    - debian/patches/fix-ftbfs-s390x.patch
  * debian/control: bump libnspr version to 2:4.34.
  * debian/libnss3.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden> Thu, 21 Mar 2024 09:44:10 -0400
Source diff to previous version
CVE-2023-5388 NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the pr
CVE-2023-6135 Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the
CVE-2022-34480 Within the <code>lg_init()</code> function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite
CVE-2023-0767 An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mi

Version: 2:3.68.2-0ubuntu1.2 2023-02-27 15:07:03 UTC

  nss (2:3.68.2-0ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary memory write via PKCS 12 in NSS
    - debian/patches/CVE-2023-0767.patch: improve handling of unknown
      PKCS#12 safe bag types in nss/lib/pkcs12/p12d.c,
      nss/lib/pkcs12/p12t.h, nss/lib/pkcs12/p12tmpl.c.
    - CVE-2023-0767

 -- Marc Deslauriers <email address hidden> Fri, 17 Feb 2023 09:50:18 -0500
Source diff to previous version

Version: 2:3.68.2-0ubuntu1.1 2022-07-07 14:06:45 UTC

  nss (2:3.68.2-0ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Free of uninitialized pointer in lg_init
    - debian/patches/CVE-2022-34480.patch: rearrange frees in
      nss/lib/softoken/legacydb/lginit.c.
    - CVE-2022-34480

 -- Marc Deslauriers <email address hidden> Wed, 06 Jul 2022 07:19:37 -0400


About   -   Send Feedback to @ubuntu_updates