Lucene search
UbuntuUSN-3270-1HistoryApr 27, 2017 - 12:00 a.m.
NSS vulnerabilities
2017-04-2700:00:00
ubuntu.com
81
Releases
- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- nss - Network Security Service library
Details
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
ciphers were vulnerable to birthday attacks. A remote attacker could
possibly use this flaw to obtain clear text data from long encrypted
sessions. This update causes NSS to limit use of the same symmetric key.
(CVE-2016-2183)
It was discovered that NSS incorrectly handled Base64 decoding. A remote
attacker could use this flaw to cause NSS to crash, resulting in a denial
of service, or possibly execute arbitrary code. (CVE-2017-5461)
This update refreshes the NSS package to version 3.28.4 which includes
the latest CA certificate bundle.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 17.04 | noarch | libnss3 | < 2:3.28.4-0ubuntu0.17.04.1 | UNKNOWN |
| Ubuntu | 17.04 | noarch | libnss3-dbg | < 2:3.28.4-0ubuntu0.17.04.1 | UNKNOWN |
| Ubuntu | 17.04 | noarch | libnss3-dbgsym | < 2:3.28.4-0ubuntu0.17.04.1 | UNKNOWN |
| Ubuntu | 17.04 | noarch | libnss3-dev | < 2:3.28.4-0ubuntu0.17.04.1 | UNKNOWN |
| Ubuntu | 17.04 | noarch | libnss3-dev-dbgsym | < 2:3.28.4-0ubuntu0.17.04.1 | UNKNOWN |
| Ubuntu | 17.04 | noarch | libnss3-tools | < 2:3.28.4-0ubuntu0.17.04.1 | UNKNOWN |
| Ubuntu | 17.04 | noarch | libnss3-tools-dbgsym | < 2:3.28.4-0ubuntu0.17.04.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | libnss3 | < 2:3.28.4-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | libnss3-dbg | < 2:3.28.4-0ubuntu0.16.10.1 | UNKNOWN |
| Ubuntu | 16.10 | noarch | libnss3-dbgsym | < 2:3.28.4-0ubuntu0.16.10.1 | UNKNOWN |
Related
openvas
openvas
Ubuntu: Security Advisory (USN-3270-1)
2017-04-28 00:00:00
Ubuntu: Security Advisory (USN-3372-1)
2022-08-26 00:00:00
CentOS Update for nss-util CESA-2017:1100 centos6
2017-04-21 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3270-1)
2017-04-28 00:00:00
EulerOS 2.0 SP2 : nss, nss-util (EulerOS-SA-2017-1076)
2017-05-03 00:00:00
RHEL 5 : nss (RHSA-2017:1101)
2018-08-29 00:00:00
ubuntu
ubuntu
NSS vulnerability
2017-07-31 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461)
2019-08-13 19:16:48
Security Bulletin: IBM Security Access Manager Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461)
2018-06-16 22:01:47
Security Bulletin: A vulnerability in NSS affects PowerKVM
2018-06-18 01:36:14
oraclelinux
oraclelinux
nss and nss-util security update
2017-04-20 00:00:00
nss security update
2017-04-28 00:00:00
python security update
2018-07-03 00:00:00
cve
cve
redhat
redhat
(RHSA-2017:1102) Critical: nss-util security update
2017-04-20 01:01:41
(RHSA-2017:1101) Critical: nss security update
2017-04-20 00:00:00
(RHSA-2017:1100) Critical: nss and nss-util security update
2017-04-20 01:00:25
debiancve
debiancve
CVE-2017-5461
2017-05-11 01:29:00
alpinelinux
alpinelinux
CVE-2017-5461
2017-05-11 01:29:00
CVE-2016-2183
2016-09-01 00:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:16:53
Weak Encryption
2019-01-15 09:15:57
Information Disclosure
2017-01-09 02:06:31
osv
osv
CVE-2017-5461
2017-05-11 01:29:05
CVE-2016-2183
2016-09-01 00:59:00
Kyverno vulnerable due to usage of insecure cipher
2023-05-30 20:07:06
centos
centos
nss security update
2017-04-20 22:43:59
python, tkinter security update
2018-07-13 16:28:09
symantec
symantec
SA150: NSS Vulnerability April 2017
2017-05-25 08:00:00
SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
2016-12-22 08:00:00
f5
f5
K12109859 : Mozilla NSS vulnerability CVE-2017-5461
2017-05-08 00:00:00
SOL13167034 - OpenSSL vulnerability CVE-2016-2183
2016-10-04 00:00:00
K13167034 : OpenSSL vulnerability CVE-2016-2183
2016-10-04 00:00:00
archlinux
archlinux
[ASA-201704-4] nss: arbitrary code execution
2017-04-20 00:00:00
[ASA-201705-21] lib32-nss: arbitrary code execution
2017-05-29 00:00:00
amazon
amazon
Critical: nss, nss-util
2017-04-27 00:04:00
redhatcve
redhatcve
CVE-2017-5461
2019-10-05 10:43:48
CVE-2023-0296
2023-01-16 14:05:12
prion
prion
Out-of-bounds
2017-05-11 01:29:00
Design/Logic Flaw
2016-09-01 00:59:00
Design/Logic Flaw
2023-01-17 21:15:00
ubuntucve
ubuntucve
CVE-2017-5461
2017-04-20 00:00:00
CVE-2016-2183
2016-08-31 00:00:00
cvelist
cvelist
hackerone
hackerone
Legal Robot: SWEET32 TLS attack
2017-01-18 18:03:52
Nextcloud: Nextcloud.com is vulnerable to SWEET32 attack
2017-01-18 18:23:36
UPchieve: Vulnerability Report - sweet32 UPchieve
2021-07-21 07:06:38
checkpoint_advisories
checkpoint_advisories
Weak SSL 3DES Cipher Suites (CVE-2016-2183)
2016-09-25 00:00:00
cloudfoundry
cloudfoundry
attackerkb
attackerkb
CVE-2016-2183
2016-09-01 00:00:00
threatpost
threatpost
New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption
2016-08-24 08:00:39
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
2016-09-23 15:47:13
github
github
Kyverno vulnerable due to usage of insecure cipher
2023-05-30 20:07:06
openssl
openssl
Vulnerability in OpenSSL CVE-2016-2183
2016-08-24 00:00:00
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2017-05-07 00:00:00
freebsd
freebsd
NSS -- multiple vulnerabilities
2017-03-17 00:00:00
debian
debian
[SECURITY] [DLA 946-1] nss security update
2017-05-19 13:16:10
[SECURITY] [DSA 3872-1] nss security update
2017-06-01 21:02:48
fortinet
fortinet
Protect
2019-02-07 00:00:00
exploitpack
exploitpack
zdt
zdt
seebug
seebug
IBM Informix Dynamic Server Open Admin Tool RCE (CVE-2017-1092)
2017-05-24 00:00:00
slackware
slackware
[slackware-security] python
2016-12-28 21:09:54
hp
hp
Certain HP Printers may be vulnerable to 3DES Sweet32 Vulnerability
2022-12-05 00:00:00
packetstorm
packetstorm
IBM Informix Dynamic Server DLL Injection / Code Execution
2017-05-31 00:00:00
exploitdb
exploitdb