UbuntuUpdates.org

Package "nss"

Name: nss

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Network Security Service tools

Latest version: 2:3.26.2-0ubuntu0.12.04.1
Release: precise (12.04)
Level: updates
Repository: universe

Other versions of "nss" in Precise

Repository  Area      Version
base        main      3.13.1.with.ckbi.1.88-1ubuntu6
base        universe  3.13.1.with.ckbi.1.88-1ubuntu6
security    main      2:3.26.2-0ubuntu0.12.04.1
security    universe  2:3.26.2-0ubuntu0.12.04.1
updates     main      2:3.26.2-0ubuntu0.12.04.1

Changelog

Version: 2:3.26.2-0ubuntu0.12.04.1 2017-01-04 18:06:41 UTC

  nss (2:3.26.2-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.26.2 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: denial of service via invalid DH keys
    - CVE-2016-5285
  * SECURITY UPDATE: small subgroup confinement attack
    - CVE-2016-8635
  * SECURITY UPDATE: insufficient mitigation of timing side-channel attack
    - CVE-2016-9074
  * debian/rules: added libfreeblpriv3.so.
  * debian/libnss3.symbols: updated for new version, added
    SSL_GetCipherSuiteInfo and SSL_GetChannelInfo as they are not backwards
    compatible.
  * debian/patches/*.patch: refreshed for new version.
  * debian/rules: disable tests that fail to build with old GCC.
  * debian/patches/disable_chacha_test.patch: removed, no longer required.

 -- Marc Deslauriers <email address hidden> Fri, 02 Dec 2016 13:27:18 -0500

CVE-2016-8635 small-subgroups attack flaw
CVE-2016-9074 existing mitigation of timing side-channel attacks insufficient

Version: 2:3.23-0ubuntu0.12.04.1 2016-07-11 20:06:54 UTC

  nss (2:3.23-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.23 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: multiple memory safety issues
    - CVE-2016-2834
  * debian/control: bump libnspr4-dev Build-Depends to 4.12.
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/CVE-2016-1950.patch: dropped, upstream.
  * debian/patches/relax_dh_size.patch: removed, now require a minimum DH
    size of 1023 bits.
  * debian/patches/disable_chacha_test.patch: disable test incompatible
    with precise's old gcc.
  * debian/patches/*.patch: refreshed for new version.

 -- Marc Deslauriers <email address hidden> Thu, 07 Jul 2016 14:46:46 -0400

CVE-2016-2834 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (me
CVE-2016-1950 Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox

Version: 2:3.21-0ubuntu0.12.04.3 2016-03-09 18:06:53 UTC

  nss (2:3.21-0ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow during ASN.1 decoding
    - debian/patches/CVE-2016-1950.patch: check lengths in
      nss/lib/util/secasn1d.c.
    - CVE-2016-1950

 -- Marc Deslauriers <email address hidden> Wed, 09 Mar 2016 07:38:47 -0500

Version: 2:3.21-0ubuntu0.12.04.2 2016-02-23 18:06:54 UTC

  nss (2:3.21-0ubuntu0.12.04.2) precise-security; urgency=medium

  * debian/rules: fix versioning since the last update incorrectly added
    an epoch. (LP: #1547147)

 -- Marc Deslauriers <email address hidden> Mon, 22 Feb 2016 10:10:25 -0500

1547147 libnss3-dev adds epoch 2 to the Version in pkg-config's pc file

Version: 2:3.21-0ubuntu0.12.04.1 2016-02-17 22:07:33 UTC

  nss (2:3.21-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Updated to upstream 3.21 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: improper division in mp_div and mp_exptmod
    - CVE-2016-1938
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/95_add_spi+cacert_ca_certs.patch: dropped, no longer
    want the SPI cert
  * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: dropped, no
    longer needed
  * debian/patches/CVE-2015-7575.patch: dropped, upstream

 -- Marc Deslauriers <email address hidden> Thu, 04 Feb 2016 09:38:27 -0500

CVE-2016-1938 The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, imprope
CVE-2015-7575 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature
