Unix News Tutorials Events and Stuff: [USN-1763-1] NSS vulnerability

Thursday, March 14, 2013

[USN-1763-1] NSS vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRQiTZAAoJEFHb3FjMVZVzPIAP/j4sZgeuLFlZECBbgt9XdALM
rY07Xv8uA9mGYWGvmdkpWbUzuy7G98qfctBFEQa8T4UDJkhd05ERVYvueYjmb2lK
jIhNvfOo0QSSfssRkrbB9PsYN/4hDt3o1ZWwns8tMrEC0ynmQooHRFtpnZftLueQ
lYveoh7vLvD2Ic3tt2cjyqbEApjYLLsTEX12hMZa9kWPng6E20jyPBr1AEkZWqfe
d5O5xZuUs4+m+624QcdinmgWItJUuDH85Q1od5sinFZXZKrSVk/kyh0jznthwLJI
W9xjeyR2P1ljcyn7B3nr2VieQUuKONmRJvyd1/5v3lTMAPEHFgsboZ1MP8OzzUMc
ZZtT5QohOA6WF8FEpbINqFBX3VxSdTo8UUJ/iP3oLH+7yMlVLQJFQFw7nMJSN7ZP
CpAzmi+IdztVLA251LSaM1OFdYsj9dlHupiYp8owuOaHXkxPebPTFyjRIou3y5SI
ZDaybhnHXx89UqlGht7iHcjjc0QE5rpxptZjNNhZzBC9Z5HvSYRX4IH1D4gbZWmb
hREOnSjctaFPmX0qjv6hW4pSh3Tz37CWcTd01kO+t3e37zhpmwOtDA4x3zFNz2ej
wXoNihLB2SJYgEZhyH+se6gF6S1IVYh3QvmY+BQCAbR/gBwje+uPXEbs6/8oWNDl
o8j1Qcytn62l7shN95EV
=0Mrg
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1763-1
March 14, 2013

nss vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

NSS could be made to expose sensitive information over the network.

Software Description:
- nss: Network Security Service library

Details:

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in NSS was vulnerable to a timing side-channel attack known as the
"Lucky Thirteen" issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libnss3 3.14.3-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libnss3 3.14.3-0ubuntu0.12.04.1

Ubuntu 11.10:
libnss3 3.14.3-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
libnss3-1d 3.14.3-0ubuntu0.10.04.1

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1763-1
CVE-2013-1620

Package Information:
https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.10.04.1

Thursday, March 14, 2013

[USN-1763-1] NSS vulnerability

No comments:

Post a Comment