Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Ubuntu: 2452-1 Moderate: NSS Network Exposure Vulnerability

Calendar Jan 07, 2015 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory information exposure ubuntu data leak network security service
NSS could be made to expose sensitive information over the network. 
=========================================================================Ubuntu Security Notice USN-2452-1
January 07, 2015

nss vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

NSS could be made to expose sensitive information over the network.

Software Description:
- nss: Network Security Service library

Details:

It was discovered that NSS incorrectly handled certain ASN.1 lengths. A
remote attacker could possibly use this issue to perform a data-smuggling
attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libnss3                         2:3.17.1-0ubuntu1.1

Ubuntu 14.04 LTS:
  libnss3                         2:3.17.1-0ubuntu0.14.04.2

Ubuntu 12.04 LTS:
  libnss3                         3.17.1-0ubuntu0.12.04.2

Ubuntu 10.04 LTS:
  libnss3-1d                      3.17.1-0ubuntu0.10.04.2

After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References:
  https://ubuntu.com/security/notices/USN-2452-1
  CVE-2014-1569

Package Information:
  https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.2
  https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.2
  https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.2

Ubuntu: 2452-1 Moderate: NSS Network Exposure Vulnerability

ubuntu
Calendar Grey January 7, 2015
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-2453-1 unveils a flaw in OpenSSL that could lead to illicit access to protected information. Patch your systems promptly for enhanced safety.
NSS could be made to expose sensitive information over the network.

Summary

Topics%20covered

Topics Covered

security advisory information exposure ubuntu data leak network security service

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libnss3 2:3.17.1-0ubuntu1.1 Ubuntu 14.04 LTS: libnss3 2:3.17.1-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: libnss3 3.17.1-0ubuntu0.12.04.2 Ubuntu 10.04 LTS: libnss3-1d 3.17.1-0ubuntu0.10.04.2 After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2452-1

CVE-2014-1569

January 07, 2015

Topics%20covered

Topics Covered

security advisory information exposure ubuntu data leak network security service

Package Information

https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu1.1 https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.2 https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.2 https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here