Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 14.04 & 12.04 ESM: USN-4417-2 Critical NSS Timing Attack

ubuntu
Calendar Grey July 6, 2020
Dist Ubuntu Esm H88
Upgrade Ubuntu 14.04 and 12.04 ESM to address the NSS flaw that may lead to sensitive data leaks.
NSS could be made to expose sensitive information.

Summary

NSS could be made to expose sensitive information.

Software Description:

- nss: Network Security Service library

Details:

USN-4417-1 fixed a vulnerability in NSS. This update provides

the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered

that NSS incorrectly handled RSA key generation. A local attacker could

possibly use this issue to perform a timing attack and recover RSA keys.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libnss3                         2:3.28.4-0ubuntu0.14.04.5+esm6

Ubuntu 12.04 ESM:
  libnss3                         2:3.28.4-0ubuntu0.12.04.9

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4417-2

https://ubuntu.com/security/notices/USN-4417-1

CVE-2020-12402

Severity
critical
Lowest
Low
Medium
High
Critical

July 06, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here