USN-3850-1: NSS vulnerabilities
Severity
Medium
Vendor
Canonical Ubuntu
Description
Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)
It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384)
It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404)
CVEs contained in this USN include: CVE-2018-0495, CVE-2018-12384, CVE-2018-12404
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Operations Manager is vulnerable in the following releases:
  - 2.4.x versions prior to 2.4.2
  - 2.3.x versions prior to 2.3.8
  - 2.2.x versions prior to 2.2.15
Mitigation
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
  - Pivotal Operations Manager: 2.4.2, 2.3.8, 2.2.15