First published: Wed Jun 17 2020(Updated: )
USN-4397-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. (CVE-2020-12399)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libnss3 | <2:3.28.4-0ubuntu0.14.04.5+esm5 | 2:3.28.4-0ubuntu0.14.04.5+esm5 |
=14.04 | ||
All of | ||
ubuntu/libnss3 | <2:3.28.4-0ubuntu0.12.04.8 | 2:3.28.4-0ubuntu0.12.04.8 |
=12.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is USN-4397-2.
The severity of USN-4397-2 is not mentioned in the provided information.
Ubuntu 12.04 ESM and Ubuntu 14.04 ESM with libnss3 version 2:3.28.4-0ubuntu0.14.04.5+esm5 and libnss3 version 2:3.28.4-0ubuntu0.12.04.8 are affected.
To fix USN-4397-2, update the libnss3 package to version 2:3.28.4-0ubuntu0.14.04.5+esm5 for Ubuntu 14.04 ESM and version 2:3.28.4-0ubuntu0.12.04.8 for Ubuntu 12.04 ESM.
You can find more information about USN-4397-2 on the Ubuntu Security Notices website.