USN-3029-1: NSS vulnerability

Packages

nss - Network Security Service library

Details

Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A
remote attacker could use this issue to cause NSS to crash, resulting in a
denial of service, or possibly execute arbitrary code.

This update refreshes the NSS package to version 3.23 which includes
the latest CA certificate bundle. As a security improvement, this update
also modifies NSS behaviour to reject DH key sizes below 1024 bits,
preventing a possible downgrade attack.

Tyson Smith and Jed Davis discovered that NSS incorrectly handled memory. A
remote attacker could use this issue to cause NSS to crash, resulting in a
denial of service, or possibly execute arbitrary code.

This update refreshes the NSS package to version 3.23 which includes
the latest CA certificate bundle. As a security improvement, this update
also modifies NSS behaviour to reject DH key sizes below 1024 bits,
preventing a possible downgrade attack.

Update instructions

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
16.04 xenial	libnss3 – 2:3.23-0ubuntu0.16.04.1
15.10 wily	libnss3 – 2:3.23-0ubuntu0.15.10.1
14.04 trusty	libnss3 – 2:3.23-0ubuntu0.14.04.1
12.04 precise	libnss3 – 2:3.23-0ubuntu0.12.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

CVE-2016-2834

CVE-2016-2834

USN-2993-1

USN-2993-1

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices