UbuntuUpdates.org

Package "libnss3"

Name: libnss3

Description:

Network Security Service libraries

Latest version: 2:3.98-0ubuntu0.20.04.2
Release: focal (20.04)
Level: updates
Repository: main
Head package: nss
Homepage: http://www.mozilla.org/projects/security/pki/nss/

Links


Download "libnss3"


Other versions of "libnss3" in Focal

Repository Area Version
base main 2:3.49.1-1ubuntu1
security main 2:3.98-0ubuntu0.20.04.2

Changelog

Version: 2:3.98-0ubuntu0.20.04.2 2024-04-11 22:06:50 UTC

  nss (2:3.98-0ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY REGRESSION: failure to open modules (LP: #2060906)
    - debian/patches/85_security_load.patch: fix broken patch preventing
      module loading.

 -- Marc Deslauriers <email address hidden> Thu, 11 Apr 2024 10:23:19 -0400

Source diff to previous version
2060906 attempt to add opensc using modutil suddenly fails

Version: 2:3.98-0ubuntu0.20.04.1 2024-04-10 20:06:54 UTC

  nss (2:3.98-0ubuntu0.20.04.1) focal-security; urgency=medium

  * Updated to upstream 3.98 to fix security issues and get a new CA
    certificate bundle.
    - CVE-2023-4421: PKCS#1 v1.5 Bleichenbacher-like attack
    - CVE-2023-5388: timing issue in RSA operations
    - CVE-2023-6135: side-channel in multiple NSS NIST curves
  * Removed patches included in new version:
    - debian/patches/set-tls1.2-as-minimum.patch
    - debian/patches/bz1608327-freebl-arm
    - debian/patches/CVE-*.patch
  * Updated patches for new version:
    - debian/patches/38_hppa.patch
    - debian/patches/85_security_load.patch
    - debian/patches/disable_fips_enabled_read.patch
  * debian/control: bump libnspr version to 2:4.34.
  * debian/libnss3.symbols: added new symbols.

 -- Marc Deslauriers <email address hidden> Thu, 21 Mar 2024 09:44:10 -0400

Source diff to previous version
CVE-2023-4421 The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of th
CVE-2023-5388 NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the pr
CVE-2023-6135 Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the

Version: 2:3.49.1-1ubuntu1.9 2023-02-27 15:06:59 UTC

  nss (2:3.49.1-1ubuntu1.9) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary memory write via PKCS 12 in NSS
    - debian/patches/CVE-2023-0767.patch: improve handling of unknown
      PKCS#12 safe bag types in nss/lib/pkcs12/p12d.c,
      nss/lib/pkcs12/p12t.h, nss/lib/pkcs12/p12tmpl.c.
    - CVE-2023-0767

 -- Marc Deslauriers <email address hidden> Fri, 17 Feb 2023 09:50:54 -0500

Source diff to previous version

Version: 2:3.49.1-1ubuntu1.8 2022-07-07 14:06:37 UTC

  nss (2:3.49.1-1ubuntu1.8) focal-security; urgency=medium

  * SECURITY UPDATE: Crash when handling empty pkcs7 sequence
    - debian/patches/CVE-2022-22747.patch: check for missing signedData
      field in nss/gtests/certdb_gtest/decode_certs_unittest.cc,
      nss/lib/pkcs7/certread.c.
    - CVE-2022-22747
  * SECURITY UPDATE: Free of uninitialized pointer in lg_init
    - debian/patches/CVE-2022-34480.patch: rearrange frees in
      nss/lib/softoken/legacydb/lginit.c.
    - CVE-2022-34480

 -- Marc Deslauriers <email address hidden> Wed, 06 Jul 2022 07:23:47 -0400

Source diff to previous version

Version: 2:3.49.1-1ubuntu1.7 2022-05-11 10:06:27 UTC

  nss (2:3.49.1-1ubuntu1.7) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service through ChangeCipherSpec
    - debian/patches/CVE-2020-25648-1.patch: reject CCS when
      compatibility is not specify or if many CCS in a row in
      nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc,
      nss/lib/ssl/ssl3con.c and nss/lib/ssl/sslimpl.h.
    - debian/patches/CVE-2020-25648-2.patch: reject multiple CCS
      packages but allow the first one in
      nss/gtests/ssl_gtest/ssl_tls13compat_unittest.cc,
      nss/lib/ssl/ssl3con.c and nss/lib/ssl/sslimpl.h.
    - CVE-2020-25648

 -- David Fernandez Gonzalez <email address hidden> Mon, 09 May 2022 15:35:11 +0200

CVE-2020-25648 A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages,



About   -   Send Feedback to @ubuntu_updates