Packages
- nspr - NetScape Portable Runtime Library
Details
USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR
needed to use the new NSS.
Original advisory details:
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in NSS was vulnerable to a timing side-channel attack known as the
"Lucky Thirteen" issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data.
USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR
needed to use the new NSS.
Original advisory details:
Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in NSS was vulnerable to a timing side-channel attack known as the
"Lucky Thirteen" issue. A remote attacker could use this issue to perform
plaintext-recovery attacks via analysis of timing data.
Update instructions
After a standard system update you need to restart any applications that use NSPR, such as Evolution and Chromium, to make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 12.10 quantal | libnspr4 – 4.9.5-0ubuntu0.12.10.1 | ||
| 12.04 precise | libnspr4 – 4.9.5-0ubuntu0.12.04.1 | ||
| 11.10 oneiric | libnspr4 – 4.9.5-0ubuntu0.11.10.1 | ||
| 10.04 lucid | libnspr4-0d – 4.9.5-0ubuntu0.10.04.1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.