UBUNTU-CVE-2016-8635

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2016-8635

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-8635.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-8635

Related

Published

2016-11-17T00:00:00Z

Modified

2016-11-17T00:00:00Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

References

Affected packages

Ubuntu:14.04:LTS / nss

Package

Name: nss
Purl: pkg:deb/ubuntu/nss@2:3.26.2-0ubuntu0.14.04.3?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.26.2-0ubuntu0.14.04.3

Affected versions

2:3.*

2:3.15.1-1ubuntu1

2:3.15.2-1

2:3.15.3-1

2:3.15.3.1-1

2:3.15.3.1-1.1

2:3.15.3.1-1.1ubuntu1

2:3.15.4-1ubuntu3

2:3.15.4-1ubuntu4

2:3.15.4-1ubuntu5

2:3.15.4-1ubuntu6

2:3.15.4-1ubuntu7

2:3.15.4-1ubuntu7.1

2:3.17-0ubuntu0.14.04.1

2:3.17.1-0ubuntu0.14.04.1

2:3.17.1-0ubuntu0.14.04.2

2:3.17.4-0ubuntu0.14.04.1

2:3.19.2-0ubuntu0.14.04.1

2:3.19.2.1-0ubuntu0.14.04.1

2:3.19.2.1-0ubuntu0.14.04.2

2:3.21-0ubuntu0.14.04.1

2:3.21-0ubuntu0.14.04.2

2:3.23-0ubuntu0.14.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libnss3-nssdb": "2:3.26.2-0ubuntu0.14.04.3",
            "libnss3-1d": "2:3.26.2-0ubuntu0.14.04.3",
            "libnss3-dbgsym": "2:3.26.2-0ubuntu0.14.04.3",
            "libnss3": "2:3.26.2-0ubuntu0.14.04.3",
            "libnss3-dev": "2:3.26.2-0ubuntu0.14.04.3",
            "libnss3-dbg": "2:3.26.2-0ubuntu0.14.04.3",
            "libnss3-tools": "2:3.26.2-0ubuntu0.14.04.3",
            "libnss3-tools-dbgsym": "2:3.26.2-0ubuntu0.14.04.3"
        }
    ]
}

Ubuntu:16.04:LTS / nss

Package

Name: nss
Purl: pkg:deb/ubuntu/nss@2:3.26.2-0ubuntu0.16.04.2?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.26.2-0ubuntu0.16.04.2

Affected versions

2:3.*

2:3.19.2-1ubuntu1

2:3.19.2.1-0ubuntu1

2:3.21-1ubuntu2

2:3.21-1ubuntu3

2:3.21-1ubuntu4

2:3.23-0ubuntu0.16.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libnss3-nssdb": "2:3.26.2-0ubuntu0.16.04.2",
            "libnss3-1d": "2:3.26.2-0ubuntu0.16.04.2",
            "libnss3-dbgsym": "2:3.26.2-0ubuntu0.16.04.2",
            "libnss3": "2:3.26.2-0ubuntu0.16.04.2",
            "libnss3-dev": "2:3.26.2-0ubuntu0.16.04.2",
            "libnss3-dbg": "2:3.26.2-0ubuntu0.16.04.2",
            "libnss3-tools": "2:3.26.2-0ubuntu0.16.04.2",
            "libnss3-tools-dbgsym": "2:3.26.2-0ubuntu0.16.04.2"
        }
    ]
}