Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5872-1

Ubuntu Security Notice 5872-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos
==========================================================================Ubuntu Security Notice USN-5872-1February 15, 2023nss vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESM- Ubuntu 14.04 ESMSummary:Several security issues were fixed in NSS.Software Description:- nss: Network Security Service libraryDetails:Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7sequence. A remote attacker could possibly use this issue to cause NSS tocrash, resulting in a denial of service. (CVE-2022-22747)Ronald Crane discovered that NSS incorrectly handled certain memoryoperations. A remote attacker could use this issue to cause NSS to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-34480)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   libnss3                         2:3.28.4-0ubuntu0.16.04.14+esm3Ubuntu 14.04 ESM:   libnss3                         2:3.28.4-0ubuntu0.14.04.5+esm11After a standard system update you need to restart any applications thatuse NSS to make all the necessary changes.References:https://ubuntu.com/security/notices/USN-5872-1 <https://ubuntu.com/security/notices/USN-5872-1>   CVE-2022-22747, CVE-2022-34480

Related news

CVE-2022-22749: Security Vulnerabilities fixed in Firefox 96

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.

CVE-2021-4140: Security Vulnerabilities fixed in Firefox ESR 91.5

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-34468: Security Vulnerabilities fixed in Firefox 102

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Gentoo Linux Security Advisory 202208-14

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

Gentoo Linux Security Advisory 202208-08

Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.

Ubuntu Security Notice USN-5506-1

Ubuntu Security Notice 5506-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-5506-1

Ubuntu Security Notice 5506-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution