Ubuntu Security Notice USN-2361-1
24th September, 2014
nss vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary
Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.
Software description
- nss
– Network Security Service library
Details
Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
-
libnss3
2:3.17.1-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
-
libnss3
3.17.1-0ubuntu0.12.04.1
- Ubuntu 10.04 LTS:
-
libnss3-1d
3.17.1-0ubuntu0.10.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.