============================================================================ Ubuntu Security Notice USN-2903-1 February 17, 2016 nss vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: NSS could be made to expose sensitive information. Software Description: - nss: Network Security Service library Details: Hanno B=C3=B6ck discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses. (CVE-2015-1938) This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: libnss3 2:3.21-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: libnss3 2:3.21-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: libnss3 2:3.21-0ubuntu0.12.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2903-1 CVE-2016-1938 Package Information: https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.12.04.1