Headline
Ubuntu Security Notice USN-5872-1
Ubuntu Security Notice 5872-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-5872-1February 15, 2023nss vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESM- Ubuntu 14.04 ESMSummary:Several security issues were fixed in NSS.Software Description:- nss: Network Security Service libraryDetails:Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7sequence. A remote attacker could possibly use this issue to cause NSS tocrash, resulting in a denial of service. (CVE-2022-22747)Ronald Crane discovered that NSS incorrectly handled certain memoryoperations. A remote attacker could use this issue to cause NSS to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-34480)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM: libnss3 2:3.28.4-0ubuntu0.16.04.14+esm3Ubuntu 14.04 ESM: libnss3 2:3.28.4-0ubuntu0.14.04.5+esm11After a standard system update you need to restart any applications thatuse NSS to make all the necessary changes.References:https://ubuntu.com/security/notices/USN-5872-1 <https://ubuntu.com/security/notices/USN-5872-1> CVE-2022-22747, CVE-2022-34480
Related news
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.
Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.
Ubuntu Security Notice 5506-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5506-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.