Lucene search

UbuntuUSN-4060-1

HistoryJul 16, 2019 - 12:00 a.m.

NSS vulnerabilities

2019-07-1600:00:00

ubuntu.com

133

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.6%

JSON

Releases

Ubuntu 19.04
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

nss - Network Security Service library

Details

Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing
certain curve25519 private keys. An attacker could use this issue to cause
NSS to crash, resulting in a denial of service, or possibly obtain
sensitive information. (CVE-2019-11719)

Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures
when using TLSv1.3. An attacker could possibly use this issue to trick NSS
into using PKCS#1 v1.5 signatures, contrary to expectations. This issue
only applied to Ubuntu 19.04. (CVE-2019-11727)

Jonas Allmann discovered that NSS incorrectly handled certain p256-ECDH
public keys. An attacker could possibly use this issue to cause NSS to
crash, resulting in a denial of service. (CVE-2019-11729)

OSVersionArchitecturePackageVersionFilename
Ubuntu19.04noarchlibnss3< 2:3.42-1ubuntu2.1UNKNOWN
Ubuntu19.04noarchlibnss3-dbgsym< 2:3.42-1ubuntu2.1UNKNOWN
Ubuntu19.04noarchlibnss3-dev< 2:3.42-1ubuntu2.1UNKNOWN
Ubuntu19.04noarchlibnss3-tools< 2:3.42-1ubuntu2.1UNKNOWN
Ubuntu19.04noarchlibnss3-tools-dbgsym< 2:3.42-1ubuntu2.1UNKNOWN
Ubuntu18.04noarchlibnss3< 2:3.35-2ubuntu2.3UNKNOWN
Ubuntu18.04noarchlibnss3-dbg< 2:3.35-2ubuntu2.3UNKNOWN
Ubuntu18.04noarchlibnss3-dev< 2:3.35-2ubuntu2.3UNKNOWN
Ubuntu18.04noarchlibnss3-tools< 2:3.35-2ubuntu2.3UNKNOWN
Ubuntu16.04noarchlibnss3< 2:3.28.4-0ubuntu0.16.04.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	19.04	noarch	libnss3	< 2:3.42-1ubuntu2.1	UNKNOWN
Ubuntu	19.04	noarch	libnss3-dbgsym	< 2:3.42-1ubuntu2.1	UNKNOWN
Ubuntu	19.04	noarch	libnss3-dev	< 2:3.42-1ubuntu2.1	UNKNOWN
Ubuntu	19.04	noarch	libnss3-tools	< 2:3.42-1ubuntu2.1	UNKNOWN
Ubuntu	19.04	noarch	libnss3-tools-dbgsym	< 2:3.42-1ubuntu2.1	UNKNOWN
Ubuntu	18.04	noarch	libnss3	< 2:3.35-2ubuntu2.3	UNKNOWN
Ubuntu	18.04	noarch	libnss3-dbg	< 2:3.35-2ubuntu2.3	UNKNOWN
Ubuntu	18.04	noarch	libnss3-dev	< 2:3.35-2ubuntu2.3	UNKNOWN
Ubuntu	18.04	noarch	libnss3-tools	< 2:3.35-2ubuntu2.3	UNKNOWN
Ubuntu	16.04	noarch	libnss3	< 2:3.28.4-0ubuntu0.16.04.6	UNKNOWN