USN-3850-1: NSS vulnerabilities


Severity

Medium

Vendor

Canonical Ubuntu

Description

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)

It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384)

It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404)

CVEs contained in this USN include: CVE-2018-0495, CVE-2018-12384, CVE-2018-12404

Affected Pivotal Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Operations Manager is vulnerable in the following releases:
    • 2.4.x versions prior to 2.4.2
    • 2.3.x versions prior to 2.3.8
    • 2.2.x versions prior to 2.2.15

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal Operations Manager: 2.4.2, 2.3.8, 2.2.15