USN-4397-1

Details

It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-17023)

Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. (CVE-2020-12399)

Affected Packages

Ubuntu:16.04:LTSnss

Fixed in:

2:3.28.4-0ubuntu0.16.04.11

Ubuntu:18.04:LTSnss

Fixed in:

2:3.35-2ubuntu2.8

Ubuntu:20.04:LTSnss

Fixed in:

2:3.49.1-1ubuntu1.1

References

REPORThttps://ubuntu.com/security/CVE-2019-17023 REPORThttps://ubuntu.com/security/CVE-2020-12399 ADVISORYhttps://ubuntu.com/security/notices/USN-4397-1

USN-4397-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline