Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in NSS (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in NSS (Aktualisierung)
ID: USN-4060-2
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 ESM, Ubuntu 14.04 ESM
Datum: Mi, 17. Juli 2019, 07:24
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719
Applikationen: NSS
Update von: Mehrere Probleme in NSS

Originalnachricht


--===============7611438466934197665==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="5vNYLRcllDrimb99"
Content-Disposition: inline


--5vNYLRcllDrimb99
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4060-2
July 16, 2019

nss vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in NSS.

Software Description:
- nss: Network Security Service library

Details:

USN-4060-1 fixed several vulnerabilities in nss. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing
certain curve25519 private keys. An attacker could use this issue to cause
NSS to crash, resulting in a denial of service, or possibly obtain
sensitive information. (CVE-2019-11719)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH
public keys. An attacker could possibly use this issue to cause NSS to
crash, resulting in a denial of service. (CVE-2019-11729)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
libnss3 2:3.28.4-0ubuntu0.14.04.5+esm1

Ubuntu 12.04 ESM:
libnss3 2:3.28.4-0ubuntu0.12.04.4

After a standard system update you need to restart any applications that
use NSS, such as Evolution, to make all the necessary changes.

References:
https://usn.ubuntu.com/4060-2
https://usn.ubuntu.com/4060-1
CVE-2019-11719, CVE-2019-11729

--5vNYLRcllDrimb99
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJdLgLHAAoJEEW851uECx9pjIIP/iEdY+2KAHOKQx1ZVnm6kjo5
O2FeVMX8aVwNdHvBAbg25Sj1ZoVCWkVdUI+HD+79J+z6iVO6W5kJW/ApGwAhDA9C
XSxIPZyeaJPLjK+1n1IUs5K9UAP9Rw+/IAo/g5Ddi06GelpHnoJ5Z9C96FklWsqM
JYmOs/8GY9+5FRcCl81xZPe1KYQxPSJziLReXpiL5CF4sjTT5TM6ZNdMyfYNBYtx
tJVCWrBce1AYreq+Bfi96jZ05AFKi4/Za2Ok2J1bx+kp9OY/2YYyJIIm2y/mmvTj
SgbaKSw1DIT91dOPwd0nDKGVv4UopJjHsKnwFJVfAUJZW6Zc/i//K1gFmnEnTsMV
6NSJgbLOES97SoZcVvX3343Z2JiMqHClRY/q/MmlqdKG7/wuFaqgB/g57cu5Odbr
bf+3Hai1YiRzaHT9fMflL45WS80vhsc9HzEezm63rgUtT1x3SgbuNXpAuTHdYkbo
Z8txSEl2Yj1BiWr6NR7QFnq915bA6NYXnacqL/vFKWs4fkjlBN15AYKdsGH6tAQq
EpNF9WahNahg1MNhgYmmMF/4gK6KbrGpq7xPxW7/c973MiL7wRjJVDYRhcslsDpH
w7NG4g+a2d9m4Gdjw/UMNMwtaFZopp8vM/ED4bMsTP6IbfPpbSBk2dMEc/DoeKaq
H+kXQoINF5YGjDke5PCT
=1gAi
-----END PGP SIGNATURE-----

--5vNYLRcllDrimb99--


--===============7611438466934197665==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung