Univention Bugzilla – Bug 55735
nss: Multiple issues (5.0)
Last modified: 2023-02-23 16:55:09 CET
New Debian nss 2:3.42.1-1+deb10u6 fixes:
This update addresses the following issues:
 * Side channel attack on ECDSA signature generation (CVE-2020-6829)
 * P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400)
 * ECDSA timing attack mitigation bypass (CVE-2020-12401)
 * CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
 * Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
--- mirror/ftp/pool/main/n/nss/nss_3.42.1-1+deb10u5.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/nss_3.42.1-1+deb10u6.dsc @@ -1,3 +1,34 @@ +2:3.42.1-1+deb10u6 [Mon, 20 Feb 2023 14:50:05 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, CVE-2020-12403 and + CVE-2023-0767. + Multiple security vulnerabilities have been discovered in nss, the + Network Security Service libraries. + CVE-2020-6829: + When performing EC scalar point multiplication, the wNAF point + multiplication algorithm was used; which leaked partial information about + the nonce used during signature generation. Given an electro-magnetic trace + of a few signature generations, the private key could have been computed. + CVE-2020-12400: + When converting coordinates from projective to affine, the modular + inversion was not performed in constant time, resulting in a possible + timing-based side channel attack. + CVE-2020-12401: + During ECDSA signature generation, padding applied in the nonce designed to + ensure constant-time scalar multiplication was removed, resulting in + variable-time execution dependent on secret data. + CVE-2020-12403: + A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in + versions before 3.55. When using multi-part Chacha20, it could cause + out-of-bounds reads. This issue was fixed by explicitly disabling + multi-part ChaCha20 (which was not functioning correctly) and strictly + enforcing tag length. + CVE-2023-0767: + Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag + attributes may result in execution of arbitrary code if a specially crafted + PKCS 12 certificate bundle is processed. + 2:3.42.1-1+deb10u5 [Sun, 23 Jan 2022 08:56:42 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-3/#8946548568188398468>
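Review bot: The hunk records only the changelog entry carried in nss_3.42.1-1+deb10u6.dsc, not the patches under debian/patches, so the coverage of the five listed CVEs cannot be verified from this diff alone; consider referencing the applied patch names or the Debian LTS advisory for 2:3.42.1-1+deb10u6 so the erratum can be cross-checked. Minor: the CVE-2020-12403 paragraph says the flaw affects "versions before 3.55" while this package is 3.42.1, so it is worth stating explicitly that the fix is a backport of the 3.55 change.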
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
[5.0-3] 4d3c695a90 Bug #55735: nss 2:3.42.1-1+deb10u6
 doc/errata/staging/nss.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x591>