USN-2791-1: NSS vulnerabilities
4 November 2015
NSS could be made to crash or run programs if it received specially crafted input.
Releases
Packages
- nss - Network Security Service library
Details
Tyson Smith and David Keeler discovered that NSS incorrectly handled
decoding certain ASN.1 data. An remote attacker could use this issue to
cause NSS to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10
Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04
After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.