Ubuntu
nss package

nss 2:3.36.1-1ubuntu1.1 source package in Ubuntu

Changelog

nss (2:3.36.1-1ubuntu1.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on ECDSA signatures
    - debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
      nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
    - CVE-2018-0495
  * SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
    - debian/patches/CVE-2018-12384-1.patch: fix random logic in
      nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12384-2.patch: add tests to
      nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
      nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
    - CVE-2018-12384
  * SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
    - debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
      handling in nss/lib/ssl/ssl3con.c.
    - debian/patches/CVE-2018-12404-2.patch: improve padding checks in
      RSA_DecryptBlock in nss/gtests/freebl_gtest/rsa_unittest.cc,
      nss/lib/freebl/rsapkcs.c.
    - debian/patches/CVE-2018-12404-3.patch: add constant time
      mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
      nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
    - CVE-2018-12404
  * debian/patches/stringop_truncation.patch: fix FTBFS.

 -- Marc Deslauriers <email address hidden>  Wed, 12 Dec 2018 14:44:32 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Cosmic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
nss_3.36.1.orig.tar.gz 22.0 MiB 6025441d528ff6a7f1a4b673b6ee7d3540731ada3f78d5acd5c3b3736b222bff
nss_3.36.1-1ubuntu1.1.debian.tar.xz 35.0 KiB 4ce5058ee475de263c1382dc122ee55b464d359f092704b6117d5fb928079aeb
nss_3.36.1-1ubuntu1.1.dsc 2.3 KiB 69caab7cf6578a3d6b674fb6a2658c4b0b84ea70725cf87abadbb75c6f162d24

View changes file

Binary packages built by this source

libnss3: No summary available for libnss3 in ubuntu cosmic.

No description available for libnss3 in ubuntu cosmic.

libnss3-dbg: No summary available for libnss3-dbg in ubuntu cosmic.

No description available for libnss3-dbg in ubuntu cosmic.

libnss3-dev: No summary available for libnss3-dev in ubuntu cosmic.

No description available for libnss3-dev in ubuntu cosmic.

libnss3-tools: No summary available for libnss3-tools in ubuntu cosmic.

No description available for libnss3-tools in ubuntu cosmic.