Sicherheit: Preisgabe von Informationen in NSS

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7234713223356734921==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="ZDvn80haXvzNMjE4aDsdO1FuL402tkDJW"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ZDvn80haXvzNMjE4aDsdO1FuL402tkDJW
Content-Type: multipart/mixed;
boundary="zBOuqYSaBrt8PQQ7mIfBhNBmye2CJW3JK"

--zBOuqYSaBrt8PQQ7mIfBhNBmye2CJW3JK
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4417-1
July 06, 2020

nss vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

NSS could be made to expose sensitive information.

Software Description:
- nss: Network Security Service library

Details:

Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered
that NSS incorrectly handled RSA key generation. A local attacker could
possibly use this issue to perform a timing attack and recover RSA keys.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libnss3 2:3.49.1-1ubuntu1.2

Ubuntu 19.10:
libnss3 2:3.45-1ubuntu2.4

Ubuntu 18.04 LTS:
libnss3 2:3.35-2ubuntu2.9

Ubuntu 16.04 LTS:
libnss3 2:3.28.4-0ubuntu0.16.04.12

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4417-1
CVE-2020-12402

Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.49.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.4
https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.9
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.12

--zBOuqYSaBrt8PQQ7mIfBhNBmye2CJW3JK--

--ZDvn80haXvzNMjE4aDsdO1FuL402tkDJW
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl8Dfh0ACgkQZWnYVadE
vpNp6Q/9Fw2iXWKpORipe1jezH7/xGNmyJwdjQglGiK2XFHX8WFnSNIec8ARkl7o
i/3m7aQ67nG1/jSyMNq1M1g8GwxXk94aWa99+JZbandB50ihuLNVDXUAot7ub3qB
Sgn2rp+wixRd2S9kVsUXMOsYPyKh+yHcGr8tB3KVK2YoGAG1oe+WIShyHDoFVMzO
fndmhw1H9Nm6K/mtwvGo6sXayUf4NnMhpTkzyrXJQHDhVC6Jv877GUrQ7xNh6IYw
GUxAmI3a8EjCI880eaYc2Yox6IzaHrKKOejhVQbzGQr9MtYE57uToO3Wku1YPa3B
4x1xpGNTVlhswf36JwrQix78xRbj3gjM9mhvwWUUlXCfiozdfqywpdrFYi0zfk+B
hDyS90fJtd9rKNpXpUy6+5N/xhrr5wHkZS1SUqs6S9/f/dRUwNSmr5AnB+woSHZD
QHZEZM/JiCc62pwFStYJ934e622I9mnAwy7yVwdvh36gtw2sY1EJ0Dh0Ye76WDd0
4gBZxrNVmXFqJ6U4rxaLPnU+2J7Vgc71ssOLk30QjEqDEy4FJOOFaZvfuMZvqXYi
A2LYhtCUqJO5orgl1qNLnvH61K7J7vc3gJTNQdtPz0OMwkCgU5BuFnOJKQAYbD2g
ViJEZMOoD0FcmBNRtVHNQlIXjB82fA6oHY4lLkd0UGiGDPXx6g0=
=viN+
-----END PGP SIGNATURE-----

--ZDvn80haXvzNMjE4aDsdO1FuL402tkDJW--

--===============7234713223356734921==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============7234713223356734921==--