Test ID:	1.3.6.1.4.1.25623.1.1.12.2019.3850.2
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-3850-2)
Summary:	The remote host is missing an update for the 'nss' package(s) announced via the USN-3850-2 advisory.
Description:	Summary: The remote host is missing an update for the 'nss' package(s) announced via the USN-3850-2 advisory. Vulnerability Insight: USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404) Affected Software/OS: 'nss' package(s) on Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-0495 Debian Security Information: DSA-4231 (Google Search) https://www.debian.org/security/2018/dsa-4231 https://dev.gnupg.org/T4011 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965 https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/ https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html RedHat Security Advisories: RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221 RedHat Security Advisories: RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2018:3505 RedHat Security Advisories: RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1296 RedHat Security Advisories: RHSA-2019:1297 https://access.redhat.com/errata/RHSA-2019:1297 RedHat Security Advisories: RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:1543 RedHat Security Advisories: RHSA-2019:2237 https://access.redhat.com/errata/RHSA-2019:2237 http://www.securitytracker.com/id/1041144 http://www.securitytracker.com/id/1041147 https://usn.ubuntu.com/3689-1/ https://usn.ubuntu.com/3689-2/ https://usn.ubuntu.com/3692-1/ https://usn.ubuntu.com/3692-2/ https://usn.ubuntu.com/3850-1/ https://usn.ubuntu.com/3850-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12384 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Common Vulnerability Exposure (CVE) ID: CVE-2018-12404 BugTraq ID: 107260 http://www.securityfocus.com/bid/107260 https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404 https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html SuSE Security Announcement: openSUSE-SU-2019:1758 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.