Ubuntu Security Notice 6727-2 - USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.
98f7aae4d30d1b37976aae71c2f8f3d1c09fb49865d4abec3139169342e9663aUbuntu Security Notice 6727-1 - It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data.
2c691be3dfb8ed61396b4eb86ac7b035f8344a516e272f6ffb13c26ac0186bd9Red Hat Security Advisory 2024-0791-03 - An update for nss is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an information leakage vulnerability.
6b440ad795c67af13c2cd17fd9dea9b4e5aa38d0e2a25eaf175eef0c0103e7edRed Hat Security Advisory 2024-0790-03 - An update for nss is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.
babd996c75ae3e1305e05db231eaa43d8ae9ebc75f769f5a2d8251671b2a0451Red Hat Security Advisory 2024-0786-03 - An update for nss is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.
215f23c25d3de6665be1648a7489bbc6c38398e91607f91802243a34846bc909Red Hat Security Advisory 2024-0785-03 - An update for nss is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an information leakage vulnerability.
4d2a7bb8f95037ec080ec50a3f05b11e2c1f1df36dbab0aefb7928d678954dc6Ubuntu Security Notice 6562-2 - USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code. George Pantela and Hubert Kario discovered that Firefox using multiple NSS NIST curves which were susceptible to a side-channel attack known as "Minerva". An attacker could potentially exploit this issue to obtain sensitive information. Andrew Osmond discovered that Firefox did not properly validate the textures produced by remote decoders. An attacker could potentially exploit this issue to escape the sandbox.
b0f78c407c1b7675cfb31191c04f588fe6093e29a445623eb97e433bacb31e61Ubuntu Security Notice 6562-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code.
846eb8dfb861c9d01f55a7af89d743f497ce5cdc0267b02af79b4fb656b223f2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed