nss 2:3.35-2ubuntu2.1 source package in Ubuntu

Changelog

nss (2:3.35-2ubuntu2.1) bionic-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-2.patch: improve padding checks in
      RSA_DecryptBlock in nss/gtests/freebl_gtest/rsa_unittest.cc,
      nss/lib/freebl/rsapkcs.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404

 -- Marc Deslauriers <email address hidden>  Wed, 12 Dec 2018 14:51:11 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2019-01-07
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2019-01-09 main libs
Bionic security on 2019-01-09 main libs

Downloads

File Size SHA-256 Checksum
nss_3.35.orig.tar.gz 9.2 MiB f4127de09bede39f5fd0f789d33c3504c5d261e69ea03022d46b319b3e32f6fa
nss_3.35-2ubuntu2.1.debian.tar.xz 35.6 KiB f6b7d564c452920d204dd0cb1bae111ec12a814eae6ebe0f3573ec17b5d56c86
nss_3.35-2ubuntu2.1.dsc 2.3 KiB 56a49b9507e5ac27d50b6b4a9e42d41e8450f210fa130740a0c630f60cfcea37

View changes file

Binary packages built by this source

libnss3: Network Security Service libraries

 This is a set of libraries designed to support cross-platform development
 of security-enabled client and server applications. It can support SSLv2
 and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
 other security standards.

libnss3-dbg: Debugging symbols for the Network Security Service libraries

 This is a set of libraries designed to support cross-platform development
 of security-enabled client and server applications. It can support SSLv2
 and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
 other security standards.
 .
 This package provides the debugging symbols for the library.

libnss3-dev: Development files for the Network Security Service libraries

 This is a set of libraries designed to support cross-platform development
 of security-enabled client and server applications. It can support SSLv2
 and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
 other security standards.
 .
 Install this package if you wish to develop your own programs using the
 Network Security Service Libraries.

libnss3-tools: Network Security Service tools

 This is a set of tools on top of the Network Security Service libraries.
 This package includes:
  * certutil: manages certificate and key databases (cert7.db and key3.db)
  * modutil: manages the database of PKCS11 modules (secmod.db)
  * pk12util: imports/exports keys and certificates between the cert/key
    databases and files in PKCS12 format.
  * shlibsign: creates .chk files for use in FIPS mode.
  * signtool: creates digitally-signed jar archives containing files and/or
    code.
  * ssltap: proxy requests for an SSL server and display the contents of
    the messages exchanged between the client and server.