Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 476
Alerts This Week
Warning Icon 1 476

Ubuntu: 2452-1 Moderate: NSS Network Exposure Vulnerability

ubuntu
Calendar Grey January 7, 2015
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-2453-1 unveils a flaw in OpenSSL that could lead to illicit access to protected information. Patch your systems promptly for enhanced safety.
NSS could be made to expose sensitive information over the network.

Summary

NSS could be made to expose sensitive information over the network.

Software Description:

- nss: Network Security Service library

Details:

It was discovered that NSS incorrectly handled certain ASN.1 lengths. A

remote attacker could possibly use this issue to perform a data-smuggling

attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libnss3                         2:3.17.1-0ubuntu1.1

Ubuntu 14.04 LTS:
  libnss3                         2:3.17.1-0ubuntu0.14.04.2

Ubuntu 12.04 LTS:
  libnss3                         3.17.1-0ubuntu0.12.04.2

Ubuntu 10.04 LTS:
  libnss3-1d                      3.17.1-0ubuntu0.10.04.2

After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References

https://ubuntu.com/security/notices/USN-2452-1

CVE-2014-1569

January 07, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.