USN-6727-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6727-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6727-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6727-1

Related

Published

2024-04-10T13:40:08.464696Z

Modified

2024-04-10T13:40:08.464696Z

Summary

nss vulnerabilities

Details

It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. (CVE-2023-4421)

It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. (CVE-2023-5388)

It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. (CVE-2023-6135)

The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.

References

Affected packages

Ubuntu:20.04:LTS / nss

Package

Name: nss
Purl: pkg:deb/ubuntu/nss@2:3.98-0ubuntu0.20.04.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.98-0ubuntu0.20.04.1

Affected versions

2:3.*

2:3.45-1ubuntu2

2:3.47-1ubuntu1

2:3.47-1ubuntu2

2:3.48-1ubuntu1

2:3.49.1-1ubuntu1

2:3.49.1-1ubuntu1.1

2:3.49.1-1ubuntu1.2

2:3.49.1-1ubuntu1.4

2:3.49.1-1ubuntu1.5

2:3.49.1-1ubuntu1.6

2:3.49.1-1ubuntu1.7

2:3.49.1-1ubuntu1.8

2:3.49.1-1ubuntu1.9

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libnss3-tools": "2:3.98-0ubuntu0.20.04.1",
            "libnss3-dbgsym": "2:3.98-0ubuntu0.20.04.1",
            "libnss3": "2:3.98-0ubuntu0.20.04.1",
            "libnss3-dev": "2:3.98-0ubuntu0.20.04.1",
            "libnss3-tools-dbgsym": "2:3.98-0ubuntu0.20.04.1"
        }
    ]
}

Ubuntu:22.04:LTS / nss

Package

Name: nss
Purl: pkg:deb/ubuntu/nss@2:3.98-0ubuntu0.22.04.1?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.98-0ubuntu0.22.04.1

Affected versions

2:3.*

2:3.68-1ubuntu1

2:3.68-1ubuntu2

2:3.68.2-0ubuntu1

2:3.68.2-0ubuntu1.1

2:3.68.2-0ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libnss3-tools": "2:3.98-0ubuntu0.22.04.1",
            "libnss3-dbgsym": "2:3.98-0ubuntu0.22.04.1",
            "libnss3": "2:3.98-0ubuntu0.22.04.1",
            "libnss3-dev": "2:3.98-0ubuntu0.22.04.1",
            "libnss3-tools-dbgsym": "2:3.98-0ubuntu0.22.04.1"
        }
    ]
}

Ubuntu:23.10 / nss

Package

Name: nss
Purl: pkg:deb/ubuntu/nss@2:3.98-0ubuntu0.23.10.1?arch=src?distro=mantic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.98-0ubuntu0.23.10.1

Affected versions

2:3.*

2:3.87.1-1

2:3.89-2

2:3.90-3

2:3.91-1

2:3.92-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libnss3-tools": "2:3.98-0ubuntu0.23.10.1",
            "libnss3-dbgsym": "2:3.98-0ubuntu0.23.10.1",
            "libnss3": "2:3.98-0ubuntu0.23.10.1",
            "libnss3-dev": "2:3.98-0ubuntu0.23.10.1",
            "libnss3-tools-dbgsym": "2:3.98-0ubuntu0.23.10.1"
        }
    ]
}