What Are You Looking For?

Sign Up
=========================================================================Ubuntu Security Notice USN-2452-1
January 07, 2015

nss vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

NSS could be made to expose sensitive information over the network.

Software Description:
- nss: Network Security Service library

Details:

It was discovered that NSS incorrectly handled certain ASN.1 lengths. A
remote attacker could possibly use this issue to perform a data-smuggling
attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libnss3                         2:3.17.1-0ubuntu1.1

Ubuntu 14.04 LTS:
  libnss3                         2:3.17.1-0ubuntu0.14.04.2

Ubuntu 12.04 LTS:
  libnss3                         3.17.1-0ubuntu0.12.04.2

Ubuntu 10.04 LTS:
  libnss3-1d                      3.17.1-0ubuntu0.10.04.2

After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-2452-1
  CVE-2014-1569

Package Information:
  https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.2
  https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.2
  https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.2

Ubuntu 2452-1: NSS vulnerability

January 7, 2015
NSS could be made to expose sensitive information over the network.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libnss3 2:3.17.1-0ubuntu1.1 Ubuntu 14.04 LTS: libnss3 2:3.17.1-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: libnss3 3.17.1-0ubuntu0.12.04.2 Ubuntu 10.04 LTS: libnss3-1d 3.17.1-0ubuntu0.10.04.2 After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes.

References

https://www.ubuntu.com/usn/usn-2452-1

CVE-2014-1569

Severity
January 07, 2015

Package Information

https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu1.1 https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.2 https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.2 https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.2

Related News

TCP Authentication Option "TCP-AO" Support Nears For The Linux Kernel

Sep 12, 2023

Cilium 1.14 Expands Networking Beyond Kubernetes, Offers Higher Speeds

Jul 29, 2023

Linux Tries to Dump Windows' Notoriously Insecure RNDIS Protocol

Oct 5, 2023

Notorious Downfall & Inception Microcode Info Disclosure Vulns Fixed

Aug 24, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo