Ubuntu Security Notice 4417-2 - USN-4417-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered that NSS incorrectly handled RSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover RSA keys. Various other issues were also addressed.
8cc46dfd734fdf34a52d97e8b2f176253a381484125d0877cf205886992e0c63=========================================================================
Ubuntu Security Notice USN-4417-2
July 06, 2020
nss vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
NSS could be made to expose sensitive information.
Software Description:
- nss: Network Security Service library
Details:
USN-4417-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered
that NSS incorrectly handled RSA key generation. A local attacker could
possibly use this issue to perform a timing attack and recover RSA keys.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
libnss3 2:3.28.4-0ubuntu0.14.04.5+esm6
Ubuntu 12.04 ESM:
libnss3 2:3.28.4-0ubuntu0.12.04.9
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/4417-2
https://usn.ubuntu.com/4417-1
CVE-2020-12402
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed