USN-2903-2: NSS regression
23 February 2016
- nss - Network Security Service library
USN-2903-1 fixed a vulnerability in NSS. An incorrect package versioning
change in Ubuntu 12.04 LTS caused a regression when building software
against NSS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Hanno Böck discovered that NSS incorrectly handled certain division
functions, possibly leading to cryptographic weaknesses. (CVE-2016-1938)
This update also refreshes the NSS package to version 3.21 which includes
the latest CA certificate bundle, and removes the SPI CA.