Several security issues were fixed in NSS.
Software Description:
- nss: Network Security Service library
Details:
It was discovered that NSS incorrectly handled padding when checking PKCS#1
certificates. A remote attacker could possibly use this issue to perform
Bleichenbacher-like attacks and recover private data. This issue only
affected Ubuntu 20.04 LTS. (CVE-2023-4421)
It was discovered that NSS had a timing side-channel when performing RSA
decryption. A remote attacker could possibly use this issue to recover
private data. (CVE-2023-5388)
It was discovered that NSS had a timing side-channel when using certain
NIST curves. A remote attacker could possibly use this issue to recover
private data. (CVE-2023-6135)
The NSS package contained outdated CA certificates. This update refreshes
the NSS package to version 3.98 which includes the latest CA certificate
bundle and other security improvements.
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: libnss3 2:3.98-0ubuntu0.23.10.1 Ubuntu 22.04 LTS: libnss3 2:3.98-0ubuntu0.22.04.1 Ubuntu 20.04 LTS: libnss3 2:3.98-0ubuntu0.20.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6727-1
CVE-2023-4421, CVE-2023-5388, CVE-2023-6135
Get the latest Linux and open source security news straight to your inbox.