-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmYYNu8ACgkQZWnYVadE
vpPzSw/+P3ROyMC0qxc5kHvU4rcUxB0Ey8d6/JBwdlod+eyCkroIWOWT5IcSe1qJ
m64zHWoB/fVwLLDGfMAuZzCoeuZVVPvXy0F94+xfBRtvuUKrRUNHuU7XY3R0XjW7
eRBdfwFQ3dFpJid98CYTR9RHJsco5U3e4Fx+U9UUnI9+CecYeUnG9Do+F7pE9b3y
F0/LcNjbuctSfkoCVMPPrUS/xhFhL9rkLj7D2xYGWeSuh8FJoqHqOPR+TXopxMGi
SYKdGi4pYn7yN8oYJUQo1vjXjW3Bc61rhk/Z87Qh5EoTswUhbebS43qj/F4le6va
udrMPuDNmDLjpj/w1f9mu6l8QxObauT2/dTAMhsmKlDldKTrq2oVNkkbKkFuWrnT
xibAz6ke+rFHji37kmvmzpZ6K/ILWN3EVhjNL9ixSZpVWXmd386/j4DeEFpM/YXV
8akrhP71whoKPvN7LDCV6q7S8oidlTjGEODyvG4os9Y1diZTcqMtrbn2F1Jtw88t
MsVxJZaC1yMhR2w/YA9sPvSnQn2gdaW7akrDtf+ZKAZvF7ysCy1LuRdNpInWhBSc
5bJ1Stpc5XeifW9HPhlGU/ClOJJPMwicWCPhgNbirGwrzjcmWWvv0V492fZjre0z
1POa2vaUoqJXIczB646UWUWbq0TIc/mYniu8WFZWDrvUscCdXdM=
=l6I7
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6727-2
April 11, 2024
nss regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
USN-6727-1 introduced a regression in NSS.
Software Description:
- nss: Network Security Service library
Details:
USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression
when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that NSS incorrectly handled padding when checking PKCS#1
certificates. A remote attacker could possibly use this issue to perform
Bleichenbacher-like attacks and recover private data. This issue only
affected Ubuntu 20.04 LTS. (CVE-2023-4421)
It was discovered that NSS had a timing side-channel when performing RSA
decryption. A remote attacker could possibly use this issue to recover
private data. (CVE-2023-5388)
It was discovered that NSS had a timing side-channel when using certain
NIST curves. A remote attacker could possibly use this issue to recover
private data. (CVE-2023-6135)
The NSS package contained outdated CA certificates. This update refreshes
the NSS package to version 3.98 which includes the latest CA certificate
bundle and other security improvements.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libnss3 2:3.98-0ubuntu0.22.04.2
Ubuntu 20.04 LTS:
libnss3 2:3.98-0ubuntu0.20.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6727-2
https://ubuntu.com/security/notices/USN-6727-1
https://launchpad.net/bugs/2060906
Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.98-0ubuntu0.22.04.2
https://launchpad.net/ubuntu/+source/nss/2:3.98-0ubuntu0.20.04.2
No comments:
Post a Comment