Ubuntu Security Notice 1763-2 - USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.
14c2109289cf639924ee155649aaf99f56995b1e908629a630645e7226d2101b