Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : nspr update (USN-1763-2)

Ubuntu Security Notice (C) 2013 Canonical, Inc. / NASL script (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR
needed to use the new NSS.

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as
used in NSS was vulnerable to a timing side-channel attack known as
the 'Lucky Thirteen' issue. A remote attacker could use this issue to
perform plaintext-recovery attacks via analysis of timing data.

Solution :

Update the affected libnspr4 and / or libnspr4-0d packages.

Risk factor :

High

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 65573 ()

Bugtraq ID:

CVE ID: