Ubuntu.comUB:CVE-2017-5462CVE-2017-5462
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.3%
A flaw in DRBG number generation within the Network Security Services (NSS)
library where the internal state V does not correctly carry bits over. The
NSS library has been updated to fix this issue to address this issue and
Firefox ESR 52.1 has been updated with NSS version 3.28.4. This
vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <
52.1, and Firefox < 53.
Notes
| Author | Note |
|---|---|
| leosilva | fixed for nss in precise after version upgrade |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 14.04 | noarch | firefox | < 53.0+build6-0ubuntu0.14.04.1 | UNKNOWN |
| ubuntu | 16.04 | noarch | firefox | < 53.0+build6-0ubuntu0.16.04.1 | UNKNOWN |
| ubuntu | 16.10 | noarch | firefox | < 53.0+build6-0ubuntu0.16.10.1 | UNKNOWN |
| ubuntu | 17.04 | noarch | firefox | < 53.0+build6-0ubuntu0.17.04.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | nss | < 2:3.28.4-0ubuntu0.14.04.1 | UNKNOWN |
| ubuntu | 16.04 | noarch | nss | < 2:3.28.4-0ubuntu0.16.04.1 | UNKNOWN |
| ubuntu | 16.10 | noarch | nss | < 2:3.28.4-0ubuntu0.16.10.1 | UNKNOWN |
| ubuntu | 17.04 | noarch | nss | < 2:3.28.4-0ubuntu0.17.04.1 | UNKNOWN |
| ubuntu | 14.04 | noarch | thunderbird | < 1:52.1.1+build1-0ubuntu0.14.04.1 | UNKNOWN |
| ubuntu | 16.04 | noarch | thunderbird | < 1:52.1.1+build1-0ubuntu0.16.04.1 | UNKNOWN |
References
launchpad.net/bugs/cve/CVE-2017-5462
nvd.nist.gov/vuln/detail/CVE-2017-5462
security-tracker.debian.org/tracker/CVE-2017-5462
ubuntu.com/security/notices/USN-3260-1
ubuntu.com/security/notices/USN-3278-1
www.cve.org/CVERecord?id=CVE-2017-5462
www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.3%