<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>==========================================================================<br>
</p>
<div class="gmail_quote">
Ubuntu Security Notice USN-5872-1<br>
February 15, 2023<br>
<br>
nss vulnerabilities<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 16.04 ESM<br>
- Ubuntu 14.04 ESM<br>
<br>
Summary:<br>
<br>
Several security issues were fixed in NSS.<br>
<br>
Software Description:<br>
- nss: Network Security Service library<br>
<br>
Details:<br>
<br>
Tavis Ormandy discovered that NSS incorrectly handled an empty
pkcs7<br>
sequence. A remote attacker could possibly use this issue to cause
NSS to<br>
crash, resulting in a denial of service. (CVE-2022-22747)<br>
<br>
Ronald Crane discovered that NSS incorrectly handled certain
memory<br>
operations. A remote attacker could use this issue to cause NSS to
crash,<br>
resulting in a denial of service, or possibly execute arbitrary
code.<br>
(CVE-2022-34480)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 16.04 ESM:<br>
libnss3 2:3.28.4-0ubuntu0.16.04.14+es<wbr>m3<br>
<br>
Ubuntu 14.04 ESM:<br>
libnss3 2:3.28.4-0ubuntu0.14.04.5+esm<wbr>11<br>
<br>
After a standard system update you need to restart any
applications that<br>
use NSS to make all the necessary changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-5872-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-5872-1&source=gmail&ust=1676559767451000&usg=AOvVaw29S7mdeyhyzhD2_lmRgp15">https://ubuntu.com/security/no<wbr>tices/USN-5872-1</a><br>
CVE-2022-22747, CVE-2022-34480</div>
</body>
</html>