1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • NSS vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, June 16, 2020 16:10:02
    nss vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in NSS.

    Software Description

    * nss - Network Security Service library

    Details

    It was discovered that NSS incorrectly handled the TLS State
    Machine. A remote attacker could possibly use this issue to cause
    NSS to hang, resulting in a denial of service. This issue only
    affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-17023)

    Cesar Pereida Garcia discovered that NSS incorrectly handled DSA
    key generation. A local attacker could possibly use this issue to
    perform a timing attack and recover DSA keys. (CVE-2020-12399)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libnss3 - 2:3.49.1-1ubuntu1.1

    Ubuntu 19.10
    libnss3 - 2:3.45-1ubuntu2.3

    Ubuntu 18.04 LTS
    libnss3 - 2:3.35-2ubuntu2.8

    Ubuntu 16.04 LTS
    libnss3 - 2:3.28.4-0ubuntu0.16.04.11

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    References

    * CVE-2019-17023
    * CVE-2020-12399

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, August 10, 2020 16:10:04
    nss vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS
    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in NSS.

    Software Description

    * nss - Network Security Service library

    Details

    It was discovered that NSS incorrectly handled certain signatures.
    An attacker could possibly use this issue to expose sensitive
    information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    libnss3 - 2:3.49.1-1ubuntu1.4

    Ubuntu 18.04 LTS
    libnss3 - 2:3.35-2ubuntu2.11

    Ubuntu 16.04 LTS
    libnss3 - 2:3.28.4-0ubuntu0.16.04.13

    Ubuntu 14.04 ESM
    libnss3 - 2:3.28.4-0ubuntu0.14.04.5+esm7

    Ubuntu 12.04 ESM
    libnss3 - 2:3.28.4-0ubuntu0.12.04.10

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    References

    * CVE-2020-12400
    * CVE-2020-12401
    * CVE-2020-6829

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)