Ubuntu Security Notice USN-2791-1
4th November, 2015
nss vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
NSS could be made to crash or run programs if it received specially
crafted input.
Software description
- nss
– Network Security Service library
Details
Tyson Smith and David Keeler discovered that NSS incorrectly handled
decoding certain ASN.1 data. An remote attacker could use this issue to
cause NSS to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
-
libnss3
2:3.19.2.1-0ubuntu0.15.10.1
- Ubuntu 15.04:
-
libnss3
2:3.19.2.1-0ubuntu0.15.04.1
- Ubuntu 14.04 LTS:
-
libnss3
2:3.19.2.1-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
-
libnss3
3.19.2.1-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.