CVE-2017-5462 (retired)

Priority
Description
A flaw in DRBG number generation within the Network Security Services (NSS)
library where the internal state V does not correctly carry bits over. The
NSS library has been updated to fix this issue to address this issue and
Firefox ESR 52.1 has been updated with NSS version 3.28.4. This
vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <
52.1, and Firefox < 53.
Notes
 leosilva> fixed for nss in precise after version upgrade
Assigned-to
chrisccoulson
Package
Upstream:released (53.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored)
Ubuntu 16.04 LTS (Xenial Xerus):released (53.0+build6-0ubuntu0.16.04.1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.28.4, 3.30.1)
Ubuntu 12.04 ESM (Precise Pangolin):released (2:3.28.4-0ubuntu0.12.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (2:3.28.4-0ubuntu0.16.04.1)
Patches:
Upstream:https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
Package
Upstream:released (52.1.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:52.1.1+build1-0ubuntu0.16.04.1)
More Information

Updated: 2019-08-23 09:16:45 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)