[ubuntu/disco-updates] nss 2:3.42-1ubuntu2.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Jul 16 12:28:13 UTC 2019
nss (2:3.42-1ubuntu2.1) disco-security; urgency=medium
* SECURITY UPDATE: OOB read when importing a curve25519 private key
- debian/patches/CVE-2019-11719.patch: don't unnecessarily strip
leading 0's from key material during PKCS11 import in
nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c,
nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c,
nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c.
- CVE-2019-11719
* SECURITY UPDATE: incorrect use of PKCS#1 v1.5 signatures with TLSv1.3
- debian/patches/CVE-2019-11727.patch: prohibit use of
RSASSA-PKCS1-v1_5 algorithms in TLS 1.3 in
nss/gtests/ssl_gtest/ssl_auth_unittest.cc,
nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc,
nss/gtests/ssl_gtest/ssl_extension_unittest.cc,
nss/lib/ssl/ssl3con.c.
- CVE-2019-11727
* SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys
- debian/patches/CVE-2019-11729-1.patch: more thorough input checking
in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c,
nss/lib/freebl/ec.c, nss/lib/util/quickder.c.
- debian/patches/CVE-2019-11729-2.patch: ignore spki decode failures on
negative tests in nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc.
- CVE-2019-11729
Date: 2019-07-12 12:54:14.456184+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list