
Security vulnerabilities in the NSS library

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LUB

==========================================================================
Ubuntu Security Notice USN-4060-1
July 16, 2019

nss vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in NSS.

Software Description:
- nss: Network Security Service library

Details:

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing
certain curve25519 private keys. An attacker could use this issue to cause
NSS to crash, resulting in a denial of service, or possibly obtain
sensitive information. (CVE-2019-11719)

Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures
when using TLSv1.3. An attacker could possibly use this issue to trick NSS
into using PKCS#1 v1.5 signatures, contrary to expectations. This issue
only applied to Ubuntu 19.04. (CVE-2019-11727)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH
public keys. An attacker could possibly use this issue to cause NSS to
crash, resulting in a denial of service. (CVE-2019-11729)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libnss3 2:3.42-1ubuntu2.1

Ubuntu 18.04 LTS:
libnss3 2:3.35-2ubuntu2.3

Ubuntu 16.04 LTS:
libnss3 2:3.28.4-0ubuntu0.16.04.6

After a standard system update you need to restart any applications that
use NSS, such as Evolution, to make all the necessary changes.

References:
https://usn.ubuntu.com/4060-1
CVE-2019-11719, CVE-2019-11727, CVE-2019-11729

Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.1
https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.3
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.6


==========================================================================
Ubuntu Security Notice USN-4060-2
July 16, 2019

nss vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in NSS.

Software Description:
- nss: Network Security Service library

Details:

USN-4060-1 fixed several vulnerabilities in nss. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

 Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing
 certain curve25519 private keys. An attacker could use this issue to cause
 NSS to crash, resulting in a denial of service, or possibly obtain
 sensitive information. (CVE-2019-11719)

 Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH
 public keys. An attacker could possibly use this issue to cause NSS to
 crash, resulting in a denial of service. (CVE-2019-11729)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  libnss3                         2:3.28.4-0ubuntu0.14.04.5+esm1

Ubuntu 12.04 ESM:
  libnss3                         2:3.28.4-0ubuntu0.12.04.4

After a standard system update you need to restart any applications that
use NSS, such as Evolution, to make all the necessary changes.

References:
  https://usn.ubuntu.com/4060-2
  https://usn.ubuntu.com/4060-1
  CVE-2019-11719, CVE-2019-11729
Author: Toni Vugdelija
Cert ID: NCERT-REF-2019-07-0001-ADV
Source: Adobe