USN-2791-1: NSS vulnerabilities

04 November 2015

NSS could be made to crash or run programs if it received specially crafted input.

Releases

Packages

  • nss - Network Security Service library

Details

Tyson Smith and David Keeler discovered that NSS incorrectly handled
decoding certain ASN.1 data. An remote attacker could use this issue to
cause NSS to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.