[ubuntu/precise-updates] nss 2:3.28.4-0ubuntu0.12.04.11 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon May 3 14:07:29 UTC 2021
nss (2:3.28.4-0ubuntu0.12.04.11) precise-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2020-12403-2.patch: fix incorrect call to ChaChaPoly1305 by PKCS11
in nss/lib/freebl/chacha20poly1305.c.
- CVE-2020-12403
nss (2:3.28.4-0ubuntu0.12.04.10) precise-security; urgency=medium
* SECURITY UPDATE: Side-channel attack
- debian/patches/CVE-2020-12400-and-6829-*.patch: use constant-time
P-384 and P-521 in nss/lib/freebl/ecl/ecl-priv.h, nss/lib/freebl/ecl/ecl.c,
nss/lib/freebl/ecl/ecl_spec384r1.c, nss/lib/freebl/freebl_base.gypi,
nss/lib/freebl/manifest.mn, nss/test/ec/ectest.sh.
- CVE-2020-12400
- CVE-2020-6829
* SECURITY UPDATE: Timing attack mitigation bypass
- debian/patches/CVE-2020-12401.patch: remove unnecessary scalar
padding in nss/lib/freebl/ec.c.
- CVE-2020-12401
nss (2:3.28.4-0ubuntu0.12.04.9) precise-security; urgency=medium
* SECURITY UPDATE: Side channel vulnerability
- debian/patches/CVE-2020-12402.patch: reduce
side-channel leaks in nss/lib/freebl/mpi/mpi.c,
nss/lib/freebl/mpi/mpi.h, nss/lib/freebl/mpi/mplogic.c.
- CVE-2020-12402
nss (2:3.28.4-0ubuntu0.12.04.8) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: Timing attack during DSA key generation
- debian/patches/CVE-2020-12399.patch: force a fixed length for DSA
exponentiation in nss/lib/freebl/dsa.c.
- CVE-2020-12399
nss (2:3.28.4-0ubuntu0.12.04.7) precise-security; urgency=medium
* SECURITY UPDATE: Possible wrong length for cryptographic primitives input
- debian/patches/CVE-2019-17006.patch: adds checks for length of crypto
primitives in nss/lib/freebl/chacha20poly1305.c,
nss/lib/freebl/ctr.c, nss/lib/freebl/gcm.c,
nss/lib/freebl/intel-gcm-wrap.c,
nss/lib/freebl/rsapkcs.c.
- CVE-2019-17006
nss (2:3.28.4-0ubuntu0.12.04.6) precise-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-17007.patch: check got some certs in
collect_certs r=jcj in nss/lib/pkcs7/certread.c.
- CVE-2019-17007
nss (2:3.28.4-0ubuntu0.12.04.5) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: out-of-bounds write in NSC_EncryptUpdate
- debian/patches/CVE-2019-11745.patch: use maxout not block size in
nss/lib/softoken/pkcs11c.c.
- CVE-2019-11745
* Note: this does _not_ contain the changes from 2:3.35-2ubuntu2.4 in
disco-proposed.
nss (2:3.28.4-0ubuntu0.12.04.4) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: OOB read when importing a curve25519 private key
- debian/patches/CVE-2019-11719.patch: don't unnecessarily strip
leading 0's from key material during PKCS11 import in
nss/lib/freebl/ecl/ecp_25519.c, nss/lib/pk11wrap/pk11akey.c,
nss/lib/pk11wrap/pk11cert.c, nss/lib/pk11wrap/pk11pk12.c,
nss/lib/softoken/legacydb/lgattr.c, nss/lib/softoken/pkcs11c.c.
- CVE-2019-11719
* SECURITY UPDATE: segfault via empty or malformed p256-ECDH public keys
- debian/patches/CVE-2019-11729-1.patch: more thorough input checking
in nss/lib/cryptohi/seckey.c, nss/lib/freebl/dh.c,
nss/lib/freebl/ec.c, nss/lib/util/quickder.c.
- CVE-2019-11729
nss (2:3.28.4-0ubuntu0.12.04.3) precise-security; urgency=medium
* SECURITY UPDATE: DoS in NULL pointer dereference in CMS functions
- debian/patches/CVE-2018-18508-1.patch: add null checks in
nss/lib/smime/cmscinfo.c, nss/lib/smime/cmsdigdata.c,
nss/lib/smime/cmsencdata.c, nss/lib/smime/cmsenvdata.c,
nss/lib/smime/cmsmessage.c, nss/lib/smime/cmsudf.c.
- debian/patches/CVE-2018-18508-2.patch: add null checks in
nss/lib/smime/cmsmessage.c.
- CVE-2018-18508
nss (2:3.28.4-0ubuntu0.12.04.2) precise-security; urgency=medium
* SECURITY UPDATE: Use-after-free in TLS 1.2 generating handshake hashes
- debian/patches/CVE-2017-7805.patch: Simplify handling of
CertificateVerify in nss/lib/ssl/ssl3con.c, nss/lib/ssl/ssl3prot.h.
- CVE-2017-7805
* SECURITY UPDATE: side-channel attack on ECDSA signatures
- debian/patches/CVE-2018-0495.patch: improve ecdsa and dsa in
nss/lib/freebl/dsa.c, nss/lib/freebl/ec.c.
- CVE-2018-0495
* SECURITY UPDATE: ServerHello.random is all zero in v2 ClientHello
- debian/patches/CVE-2018-12384-1.patch: fix random logic in
nss/lib/ssl/ssl3con.c.
- debian/patches/CVE-2018-12384-2.patch: add tests to
nss/gtests/ssl_gtest/ssl_loopback_unittest.cc,
nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
- CVE-2018-12384
* SECURITY UPDATE: cache side-channel variant of the Bleichenbacher attack
- debian/patches/CVE-2018-12404-1.patch: improve RSA key exchange
handling in nss/lib/ssl/ssl3con.c.
- debian/patches/CVE-2018-12404-3.patch: add constant time
mp_to_fixlen_octets in nss/gtests/freebl_gtest/mpi_unittest.cc,
nss/lib/freebl/mpi/mpi.c, nss/lib/freebl/mpi/mpi.h.
- CVE-2018-12404
nss (2:3.28.4-0ubuntu0.12.04.1) precise-security; urgency=medium
* Updated to upstream 3.28.4 to fix security issues and get new CA
certificate bundle.
* SECURITY UPDATE: DoS via empty SSLv2 messages
- debian/patches/CVE-2017-7502.patch: reject broken v2 records in
nss/lib/ssl/ssl3gthr.c, nss/lib/ssl/ssldef.c, nss/lib/ssl/sslimpl.h,
added tests to nss/gtests/ssl_gtest/ssl_gather_unittest.cc,
nss/gtests/ssl_gtest/ssl_gtest.gyp, nss/gtests/ssl_gtest/manifest.mn,
nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc.
- CVE-2017-7502
* debian/patches/99_jarfile_ftbfs.patch: removed, upstream.
* debian/patches/*.patch: refreshed for new version.
* debian/control: bump libnspr4-dev to 4.13.1.
* debian/libnss3.symbols: added new symbols.
Date: 2020-08-24 19:49:12.266574+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.12.04.11
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list