Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5506-1

Ubuntu Security Notice 5506-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-5506-1
July 07, 2022

nss vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 21.10
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in NSS.

Software Description:

  • nss: Network Security Service library

Details:

Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7
sequence. A remote attacker could possibly use this issue to cause NSS to
crash, resulting in a denial of service. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-22747)

Ronald Crane discovered that NSS incorrectly handled certain memory
operations. A remote attacker could use this issue to cause NSS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-34480)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
libnss3 2:3.68.2-0ubuntu1.1

Ubuntu 21.10:
libnss3 2:3.68-1ubuntu1.2

Ubuntu 20.04 LTS:
libnss3 2:3.49.1-1ubuntu1.8

Ubuntu 18.04 LTS:
libnss3 2:3.35-2ubuntu2.15

After a standard system update you need to restart any applications that
use NSS to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5506-1
CVE-2022-22747, CVE-2022-34480

Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.68.2-0ubuntu1.1
https://launchpad.net/ubuntu/+source/nss/2:3.68-1ubuntu1.2
https://launchpad.net/ubuntu/+source/nss/2:3.49.1-1ubuntu1.8
https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.15

Related news

Ubuntu Security Notice USN-5872-1

Ubuntu Security Notice 5872-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2021-4140: Security Vulnerabilities fixed in Firefox ESR 91.5

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2022-22749: Security Vulnerabilities fixed in Firefox 96

When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.<br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 96.

CVE-2022-34468: Security Vulnerabilities fixed in Firefox 102

An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.

Gentoo Linux Security Advisory 202208-14

Gentoo Linux Security Advisory 202208-14 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0 are affected.

Gentoo Linux Security Advisory 202208-08

Gentoo Linux Security Advisory 202208-8 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 91.12.0:esr are affected.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution