UbuntuUpdates.org

Package "nss"

Name: nss

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Network Security Service libraries
  • Network Security Service libraries - transitional package
  • Debugging symbols for the Network Security Service libraries
  • Development files for the Network Security Service libraries

Latest version: 2:3.28.4-0ubuntu0.16.04.4
Release: xenial (16.04)
Level: security
Repository: main

Links

Save this URL for the latest version of "nss": https://www.ubuntuupdates.org/nss



Other versions of "nss" in Xenial

Repository Area Version
base main 2:3.21-1ubuntu4
base universe 2:3.21-1ubuntu4
security universe 2:3.28.4-0ubuntu0.16.04.4
updates universe 2:3.28.4-0ubuntu0.16.04.4
updates main 2:3.28.4-0ubuntu0.16.04.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:3.28.4-0ubuntu0.16.04.4 2019-01-09 19:07:05 UTC

  nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404

 -- Marc Deslauriers <email address hidden> Fri, 14 Dec 2018 09:59:33 -0500

Source diff to previous version
CVE-2018-0495 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of
CVE-2018-12384 ServerHello.random is all zero when handling a v2-compatible ClientHello
CVE-2018-12404 Cache side-channel variant of the Bleichenbacher attack

Version: 2:3.28.4-0ubuntu0.16.04.3 2017-10-02 15:06:57 UTC

  nss (2:3.28.4-0ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
    - debian/patches/CVE-2017-7805.patch: Simplify handling of
      CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
    - CVE-2017-7805

 -- Marc Deslauriers <email address hidden> Fri, 29 Sep 2017 08:54:11 -0400

Source diff to previous version

Version: 2:3.28.4-0ubuntu0.16.04.2 2017-06-21 17:06:47 UTC

  nss (2:3.28.4-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via empty SSLv2 messages
    - debian/patches/CVE-2017-7502.patch: reject broken v2 records in
      nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
      added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
      nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2017-7502

 -- Marc Deslauriers <email address hidden> Fri, 16 Jun 2017 08:13:46 -0400

Source diff to previous version
CVE-2017-7502 Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by re

Version: 2:3.28.4-0ubuntu0.16.04.1 2017-04-27 17:06:57 UTC

  nss (2:3.28.4-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * Updated to upstream 3.28.4 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: DES and Triple DES ciphers birthday attack
    - CVE-2016-2183
  * SECURITY UPDATE: out-of-bounds write in Base64 decoding
    - CVE-2017-5461
  * debian/patches/*.patch: refreshed for new version.
  * debian/control: bump libnspr4-dev to 4.13.1.
  * debian/libnss3.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden> Wed, 26 Apr 2017 10:25:43 -0400

Source diff to previous version
CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately

Version: 2:3.26.2-0ubuntu0.16.04.2 2017-01-04 17:06:29 UTC

  nss (2:3.26.2-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * Updated to upstream 3.26.2 to fix security issues and get a new CA
    certificate bundle.
  * SECURITY UPDATE: denial of service via invalid DH keys
    - CVE-2016-5285
  * SECURITY UPDATE: small subgroup confinement attack
    - CVE-2016-8635
  * SECURITY UPDATE: insufficient mitigation of timing side-channel attack
    - CVE-2016-9074
  * debian/rules: added libfreeblpriv3.so.
  * debian/libnss3.symbols: updated for new version, added
    SSL_GetCipherSuiteInfo and SSL_GetChannelInfo as they are not backwards
    compatible.
  * debian/patches/*.patch: refreshed for new version.
  * debian/rules: When building with -O3, build with -Wno-error=maybe-
    uninitialized to fix FTBFS on ppc64el and powerpc.

 -- Marc Deslauriers <email address hidden> Mon, 05 Dec 2016 07:17:18 -0500

CVE-2016-8635 small-subgroups attack flaw
CVE-2016-9074 existing mitigation of timing side-channel attacks insufficient



About   -   Send Feedback to @ubuntu_updates