USN-6727-2

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6727-2

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6727-2.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6727-2

Published

2024-04-11T18:18:01Z

Modified

2026-02-10T04:43:40Z

Summary

nss regression

Details

USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that NSS incorrectly handled padding when checking PKCS#1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. (CVE-2023-4421)

It was discovered that NSS had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover private data. (CVE-2023-5388)

It was discovered that NSS had a timing side-channel when using certain NIST curves. A remote attacker could possibly use this issue to recover private data. (CVE-2023-6135)

The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.98 which includes the latest CA certificate bundle and other security improvements.

References

Affected packages

Ubuntu:20.04:LTS / nss

Package

Name: nss
Purl: pkg:deb/ubuntu/nss@2:3.98-0ubuntu0.20.04.2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.98-0ubuntu0.20.04.2

Affected versions

2:3.*

2:3.45-1ubuntu2

2:3.47-1ubuntu1

2:3.47-1ubuntu2

2:3.48-1ubuntu1

2:3.49.1-1ubuntu1

2:3.49.1-1ubuntu1.1

2:3.49.1-1ubuntu1.2

2:3.49.1-1ubuntu1.4

2:3.49.1-1ubuntu1.5

2:3.49.1-1ubuntu1.6

2:3.49.1-1ubuntu1.7

2:3.49.1-1ubuntu1.8

2:3.49.1-1ubuntu1.9

2:3.98-0ubuntu0.20.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:3.98-0ubuntu0.20.04.2",
            "binary_name": "libnss3"
        },
        {
            "binary_version": "2:3.98-0ubuntu0.20.04.2",
            "binary_name": "libnss3-dev"
        },
        {
            "binary_version": "2:3.98-0ubuntu0.20.04.2",
            "binary_name": "libnss3-tools"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:20.04:LTS",
    "cves": []
}

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6727-2.json"

Ubuntu:22.04:LTS / nss

Package

Name: nss
Purl: pkg:deb/ubuntu/nss@2:3.98-0ubuntu0.22.04.2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.98-0ubuntu0.22.04.2

Affected versions

2:3.*

2:3.68-1ubuntu1

2:3.68-1ubuntu2

2:3.68.2-0ubuntu1

2:3.68.2-0ubuntu1.1

2:3.68.2-0ubuntu1.2

2:3.98-0ubuntu0.22.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:3.98-0ubuntu0.22.04.2",
            "binary_name": "libnss3"
        },
        {
            "binary_version": "2:3.98-0ubuntu0.22.04.2",
            "binary_name": "libnss3-dev"
        },
        {
            "binary_version": "2:3.98-0ubuntu0.22.04.2",
            "binary_name": "libnss3-tools"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:22.04:LTS",
    "cves": []
}

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6727-2.json"