
Ubuntu: 3850-2 Moderate: NSS Cache Timing And Replay Attacks

February 18, 2019
Several vulnerabilities corrected in Ubuntu Security Notice USN-3850-3, with essential patches suggested.

Summary

Several security issues were fixed in NSS.

Software Description:

- nss: Network Security Service library

Details:

USN-3850-1 fixed several vulnerabilities in NSS. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Keegan Ryan discovered that NSS incorrectly handled ECDSA key
 generation. A local attacker could possibly use this issue to perform
 a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)

 It was discovered that NSS incorrectly handled certain v2-compatible
 ClientHello messages. A remote attacker could possibly use this issue
 to perform a replay attack. (CVE-2018-12384)

 It was discovered that NSS incorrectly handled certain padding
 oracles. A remote attacker could possibly use this issue to perform a
 variant of the Bleichenbacher attack. (CVE-2018-12404)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  libnss3                         2:3.28.4-0ubuntu0.12.04.2

After a standard system update you need to restart any applications
that use NSS, such as Evolution, to make all the necessary changes.
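
A post-update check for the instructions above, as an added example that is not part of the advisory: it compares the installed libnss3 against the fixed version and lists processes that still map the pre-update library and so need a restart. The function names and the `--check` switch are hypothetical; it assumes `dpkg`, `dpkg-query` and a Linux `/proc`.

```shell
#!/bin/sh
# Added example: post-update check for USN-3850-2 (not the advisory's own code).
# Function names and the --check switch are hypothetical.

FIXED='2:3.28.4-0ubuntu0.12.04.2'   # fixed libnss3 version quoted in the advisory

# Succeeds when the installed libnss3 is at or above the fixed version.
# Returns 2 when libnss3 is not installed or dpkg-query is unavailable.
nss_is_patched() {
    installed=$(dpkg-query -W -f='${Version}' libnss3 2>/dev/null) || return 2
    dpkg --compare-versions "$installed" ge "$FIXED"
}

# Prints the PIDs under a proc root (default /proc) that still map a
# libnss3 shared object that has been deleted from disk. dpkg replaces the
# file on upgrade, so such processes are still running the old code.
stale_nss_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # unreadable, or process already gone
        if grep -q 'libnss3\.so.*(deleted)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Report only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    if nss_is_patched; then
        echo "libnss3: at or above $FIXED"
    else
        echo "libnss3: missing or older than $FIXED"
    fi
    for pid in $(stale_nss_pids); do
        echo "restart needed: pid $pid ($(cat "/proc/$pid/comm" 2>/dev/null))"
    done
fi
```

Run it as root with `--check` so that the maps of other users' processes are readable.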

References

  https://ubuntu.com/security/notices/USN-3850-2

  https://ubuntu.com/security/notices/USN-3850-1

  CVE-2018-0495, CVE-2018-12384, CVE-2018-12404

Severity
important