Bug 55735 - nss: Multiple issues (5.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.0
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 5.0-3-errata
Assigned To: Quality Assurance
QA Contact: Philipp Hahn
Reported: 2023-02-22 14:23 CET by Quality Assurance
Modified: 2023-02-23 16:55 CET (History)
What kind of report is it?: Security Issue
Max CVSS v3 score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)


Description Quality Assurance univentionstaff 2023-02-22 14:23:02 CET
New Debian nss 2:3.42.1-1+deb10u6 fixes:
This update addresses the following issues:
* Side channel attack on ECDSA signature generation (CVE-2020-6829)
* P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400)
* ECDSA timing attack mitigation bypass (CVE-2020-12401)
* CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
* Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
Comment 1 Quality Assurance univentionstaff 2023-02-22 15:00:27 CET
--- mirror/ftp/pool/main/n/nss/nss_3.42.1-1+deb10u5.dsc
+++ apt/ucs_5.0-0-errata5.0-3/source/nss_3.42.1-1+deb10u6.dsc
@@ -1,3 +1,34 @@
+2:3.42.1-1+deb10u6 [Mon, 20 Feb 2023 14:50:05 +0100] Markus Koschany <apo@debian.org>:
+
+  * Non-maintainer upload by the LTS team.
+  * Fix CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, CVE-2020-12403 and
+    CVE-2023-0767.
+    Multiple security vulnerabilities have been discovered in nss, the
+    Network Security Service libraries.
+    CVE-2020-6829:
+    When performing EC scalar point multiplication, the wNAF point
+    multiplication algorithm was used; which leaked partial information about
+    the nonce used during signature generation. Given an electro-magnetic trace
+    of a few signature generations, the private key could have been computed.
+    CVE-2020-12400:
+    When converting coordinates from projective to affine, the modular
+    inversion was not performed in constant time, resulting in a possible
+    timing-based side channel attack.
+    CVE-2020-12401:
+    During ECDSA signature generation, padding applied in the nonce designed to
+    ensure constant-time scalar multiplication was removed, resulting in
+    variable-time execution dependent on secret data.
+    CVE-2020-12403:
+    A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in
+    versions before 3.55. When using multi-part Chacha20, it could cause
+    out-of-bounds reads. This issue was fixed by explicitly disabling
+    multi-part ChaCha20 (which was not functioning correctly) and strictly
+    enforcing tag length.
+    CVE-2023-0767:
+    Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag
+    attributes may result in execution of arbitrary code if a specially crafted
+    PKCS 12 certificate bundle is processed.
+
 2:3.42.1-1+deb10u5 [Sun, 23 Jan 2022 08:56:42 +0100] Salvatore Bonaccorso <carnil@debian.org>:
 
   * Non-maintainer upload by the Security Team.
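Review bot: The CVE-2020-12403 entry describes a behaviour change as well as a fix (multi-part ChaCha20 is explicitly disabled and tag length is strictly enforced), and it refers to "versions before 3.55" while this upload is still 3.42.1, so the entry should say that the fix is a backport and name the patch that carries it. The same applies to the other four CVEs: the new block lists them but gives no patch file or upstream reference for any of them, which makes the upload hard to audit from the changelog alone. One line per CVE naming the patch would fix that.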

<http://piuparts.knut.univention.de/5.0-3/#8946548568188398468>
Comment 2 Philipp Hahn univentionstaff 2023-02-22 19:37:30 CET
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-3] 4d3c695a90 Bug #55735: nss 2:3.42.1-1+deb10u6
 doc/errata/staging/nss.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)