Package "nss"

Name:	nss
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: Network Security Service tools
Latest version:	2:3.28.4-0ubuntu0.16.04.14
Release:	xenial (16.04)
Level:	security
Repository:	universe

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "nss" in Xenial

Repository	Area	Version
base	main	2:3.21-1ubuntu4
base	universe	2:3.21-1ubuntu4
security	main	2:3.28.4-0ubuntu0.16.04.14
updates	main	2:3.28.4-0ubuntu0.16.04.14
updates	universe	2:3.28.4-0ubuntu0.16.04.14

Packages in group

Deleted packages are displayed in grey.

libnss3-tools

Changelog

Version: 2:3.28.4-0ubuntu0.16.04.9 2019-12-09 14:07:44 UTC

nss (2:3.28.4-0ubuntu0.16.04.9) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-17007.patch: check got some certs in collect_certs r=jcj in nss/lib/pkcs7/certread.c. - CVE-2019-17007 -- <email address hidden> (Leonidas S. Barbosa) Thu, 05 Dec 2019 13:25:47 -0300

Source diff to previous version

CVE-2019-17007

nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS

Version: 2:3.28.4-0ubuntu0.16.04.8 2019-11-27 17:06:32 UTC

nss (2:3.28.4-0ubuntu0.16.04.8) xenial-security; urgency=medium * SECURITY UPDATE: out-of-bounds write in NSC_EncryptUpdate - debian/patches/CVE-2019-11745.patch: use maxout not block size in nss/lib/softoken/pkcs11c.c. - CVE-2019-11745 * Note: this does _not_ contain the changes from 2:3.28.4-0ubuntu0.16.04.7 in xenial-proposed. -- Marc Deslauriers <email address hidden> Tue, 26 Nov 2019 08:53:56 -0500

Source diff to previous version

CVE-2019-11745

Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

Version: 2:3.28.4-0ubuntu0.16.04.6 2019-07-16 13:07:19 UTC

Version: 2:3.28.4-0ubuntu0.16.04.6	2019-07-16 13:07:19 UTC
nss (2:3.28.4-0ubuntu0.16.04.6) xenial-security; urgency=medium * SECURITY UPDATE: OOB read when importing a curve25519 private key - debian/patches/CVE-2019-11719.patch: don't unnecessarily strip leading 0's from key material during PKCS11 import in nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c, nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c, nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c. - CVE-2019-11719 * SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys - debian/patches/CVE-2019-11729-1.patch: more thorough input checking in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c, nss/lib/freebl/ec.c, nss/lib/util/quickder.c. - CVE-2019-11729 -- Marc Deslauriers <email address hidden> Fri, 12 Jul 2019 08:23:50 -0400
Source diff to previous version

nss (2:3.28.4-0ubuntu0.16.04.6) xenial-security; urgency=medium * SECURITY UPDATE: OOB read when importing a curve25519 private key - debian/patches/CVE-2019-11719.patch: don't unnecessarily strip leading 0's from key material during PKCS11 import in nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c, nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c, nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c. - CVE-2019-11719 * SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys - debian/patches/CVE-2019-11729-1.patch: more thorough input checking in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c, nss/lib/freebl/ec.c, nss/lib/util/quickder.c. - CVE-2019-11729 -- Marc Deslauriers <email address hidden> Fri, 12 Jul 2019 08:23:50 -0400

Source diff to previous version

Version: 2:3.28.4-0ubuntu0.16.04.5 2019-02-27 18:06:29 UTC

nss (2:3.28.4-0ubuntu0.16.04.5) xenial-security; urgency=medium * SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions - debian/patches/CVE-2018-18508-1.patch: add null checks in nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c, nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c, nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c. - debian/patches/CVE-2018-18508-2.patch: add null checks in nss/lib/smime/cmsmessage.c. - CVE-2018-18508 -- Marc Deslauriers <email address hidden> Tue, 19 Feb 2019 13:39:44 +0100

Source diff to previous version

CVE-2018-18508

NULL pointer dereference in several CMS functions resulting in a denial of service

Version: 2:3.28.4-0ubuntu0.16.04.4 2019-01-09 19:07:10 UTC

nss (2:3.28.4-0ubuntu0.16.04.4) xenial-security; urgency=medium * SECURITY UPDATE: side-channel attack on ECDSA signatures - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c. - CVE-2018-0495 * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello - debian/patches/CVE-2018-12384-1.patch: fix random logic in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12384-2.patch: add tests to nss/gtests/ssl_gtest/ssl_loopback_unittest.cc, nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc. - CVE-2018-12384 * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange handling in nss/lib/ssl/ssl3con.c. - debian/patches/CVE-2018-12404-3.patch: add constant time mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc, nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h. - CVE-2018-12404 -- Marc Deslauriers <email address hidden> Fri, 14 Dec 2018 09:59:33 -0500

CVE-2018-0495	Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of
CVE-2018-12384	ServerHello.random is all zero when handling a v2-compatible ClientHello
CVE-2018-12404	Cache side-channel variant of the Bleichenbacher attack

About - Send Feedback to @ubuntu_updates

Package "nss"

Links

Other versions of "nss" in Xenial

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

PPA updates