Discover Government News

=========================================================================Ubuntu Security Notice USN-2864-1
January 07, 2016

nss vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

NSS could be made to expose sensitive information over the network.

Software Description:
- nss: Network Security Service library

Details:

Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly
allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
  libnss3                         2:3.19.2.1-0ubuntu0.15.10.2

Ubuntu 15.04:
  libnss3                         2:3.19.2.1-0ubuntu0.15.04.2

Ubuntu 14.04 LTS:
  libnss3                         2:3.19.2.1-0ubuntu0.14.04.2

Ubuntu 12.04 LTS:
  libnss3                         3.19.2.1-0ubuntu0.12.04.2

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2864-1
  CVE-2015-7575

Package Information:
  https://launchpad.net/ubuntu/+source/nss/2:3.19.2.1-0ubuntu0.15.10.2
  https://launchpad.net/ubuntu/+source/nss/2:3.19.2.1-0ubuntu0.15.04.2
  https://launchpad.net/ubuntu/+source/nss/2:3.19.2.1-0ubuntu0.14.04.2
  https://launchpad.net/ubuntu/+source/nss/3.19.2.1-0ubuntu0.12.04.2


Ubuntu 2864-1: NSS vulnerability

January 7, 2016
NSS could be made to expose sensitive information over the network.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libnss3 2:3.19.2.1-0ubuntu0.15.10.2 Ubuntu 15.04: libnss3 2:3.19.2.1-0ubuntu0.15.04.2 Ubuntu 14.04 LTS: libnss3 2:3.19.2.1-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: libnss3 3.19.2.1-0ubuntu0.12.04.2 After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2864-1

CVE-2015-7575

Severity
January 07, 2016

Package Information

https://launchpad.net/ubuntu/+source/nss/2:3.19.2.1-0ubuntu0.15.10.2 https://launchpad.net/ubuntu/+source/nss/2:3.19.2.1-0ubuntu0.15.04.2 https://launchpad.net/ubuntu/+source/nss/2:3.19.2.1-0ubuntu0.14.04.2 https://launchpad.net/ubuntu/+source/nss/3.19.2.1-0ubuntu0.12.04.2

Related News