Gentoo Linux Security Advisory 201701-46 - Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information. Versions less than 3.28 are affected.
b1cd45ec7124022777ee15626d3b9e992a81649ff892fb429b6fc114d81bce0fDebian Linux Security Advisory 3688-1 - Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project.
b93966cf45b459b94721e41f799657ce1d921ea91d32c39e7fe841f2d97f11e7Ubuntu Security Notice 2973-1 - Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Hanno Boeck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. Various other issues were also addressed.
d29c52273e7734f2eb886a43b5407681e67a0595f44c88105e13d3a3a39ba876Ubuntu Security Notice 2903-2 - USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning change in Ubuntu 12.04 LTS caused a regression when building software against NSS. This update fixes the problem. Hanno Boeck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA. Various other issues were also addressed.
d3283200efa890107e2802a18cd81e5fbdacb3975b6da21cb9ccb7a1f29a4936Ubuntu Security Notice 2903-1 - Hanno Boeck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA.
f6a190f2df63a4842e2f9cbe069394f800fdf9cecad2c50da789ce6f9e53ff99Ubuntu Security Notice 2880-2 - USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. Various other issues were also addressed.
cb3999810b3a4d20a01233e46db43a709e067915cacd6ffbc773f23726fd94fbUbuntu Security Notice 2880-1 - Bob Clary, Christian Holler, Nils Ohlmeier, Gary Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, Nicolas Pierron, Eric Rescorla, Tyson Smith, and Gabor Krizsanits discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Gustavo Grieco discovered an out-of-memory crash when loading GIF images in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.
15dcb61b640228ff99b99cf47350fa53304f54f58f8616c179264e04e1b8ed38
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed