UbuntuUpdates.org

Package "libnss3-tools"

Name: libnss3-tools

Description:

Network Security Service tools

Latest version: 2:3.28.4-0ubuntu0.14.04.5
Release: trusty (14.04)
Level: updates
Repository: main
Head package: nss
Homepage: http://www.mozilla.org/projects/security/pki/nss/tools/

Other versions of "libnss3-tools" in Trusty

Repository  Area  Version
base        main  2:3.15.4-1ubuntu7
security    main  2:3.28.4-0ubuntu0.14.04.5

Changelog

Version: 2:3.26.2-0ubuntu0.14.04.3 2017-01-04 18:06:44 UTC

  nss (2:3.26.2-0ubuntu0.14.04.3) trusty-security; urgency=medium

  * Updated to upstream 3.26.2 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: denial of service via invalid DH keys
    - CVE-2016-5285
  * SECURITY UPDATE: small subgroup confinement attack
    - CVE-2016-8635
  * SECURITY UPDATE: insufficient mitigation of timing side-channel attack
    - CVE-2016-9074
  * debian/rules: added libfreeblpriv3.so.
  * debian/libnss3.symbols: updated for new version, added
    SSL_GetCipherSuiteInfo and SSL_GetChannelInfo as they are not backwards
    compatible.
  * debian/patches/*.patch: refreshed for new version.
  * debian/rules: When building with -O3, build with -Wno-error=maybe-
    uninitialized to fix FTBFS on ppc64el.
  * debian/patches/99_jarfile_ftbfs.patch: fix FTBFS on powerpc.

 -- Marc Deslauriers <email address hidden> Mon, 05 Dec 2016 07:19:11 -0500

CVE-2016-8635 small-subgroups attack flaw
CVE-2016-9074 existing mitigation of timing side-channel attacks insufficient

Version: 2:3.23-0ubuntu0.14.04.1 2016-07-11 20:06:56 UTC

  nss (2:3.23-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to upstream 3.23 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: multiple memory safety issues
    - CVE-2016-2834
  * debian/control: bump libnspr4-dev Build-Depends to 2:4.12.
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/CVE-2016-1950.patch: dropped, upstream.
  * debian/patches/ftbfs_ppc64el.patch: dropped, no longer needed.
  * debian/patches/relax_dh_size.patch: removed, now require a minimum DH
    size of 1023 bits.
  * debian/patches/*.patch: refreshed for new version.

 -- Marc Deslauriers <email address hidden> Thu, 07 Jul 2016 14:09:52 -0400

CVE-2016-2834 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (me
CVE-2016-1950 Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox

Version: 2:3.21-0ubuntu0.14.04.2 2016-03-09 18:06:54 UTC

  nss (2:3.21-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow during ASN.1 decoding
    - debian/patches/CVE-2016-1950.patch: check lengths in
      nss/lib/util/secasn1d.c.
    - CVE-2016-1950

 -- Marc Deslauriers <email address hidden> Wed, 09 Mar 2016 07:38:11 -0500

Version: 2:3.21-0ubuntu0.14.04.1 2016-02-17 22:07:36 UTC

  nss (2:3.21-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Updated to upstream 3.21 to fix a security issue and get a new CA
    certificate bundle.
  * SECURITY UPDATE: improper division in mp_div and mp_exptmod
    - CVE-2016-1938
  * debian/libnss3.symbols: updated for new version.
  * debian/patches/95_add_spi+cacert_ca_certs.patch: dropped, no longer
    want the SPI cert
  * debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch: dropped, no
    longer needed
  * debian/patches/CVE-2015-7575.patch: dropped, upstream
  * debian/patches/ftbfs_ppc64el.patch: don't enable -Werror on ppc64el,
    there are too many uninitialized variable false positives.

 -- Marc Deslauriers <email address hidden> Thu, 04 Feb 2016 09:38:27 -0500

CVE-2016-1938 The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, imprope
CVE-2015-7575 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature

Version: 2:3.19.2.1-0ubuntu0.14.04.2 2016-01-07 23:07:20 UTC

  nss (2:3.19.2.1-0ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect MD5 support with TLS 1.2
    - debian/patches/CVE-2015-7575.patch: remove MD5 in
      nss/lib/ssl/ssl3con.c.
    - CVE-2015-7575

 -- Marc Deslauriers Thu, 07 Jan 2016 13:23:37 -0500

CVE-2015-7575 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature


