CVE-2017-5462 (retired)

Priority
Description
A flaw in DRBG number generation within the Network Security Services (NSS)
library where the internal state V does not correctly carry bits over. The
NSS library has been updated to fix this issue to address this issue and
Firefox ESR 52.1 has been updated with NSS version 3.28.4. This
vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR <
52.1, and Firefox < 53.
Notes
 leosilva> fixed for nss in precise after version upgrade
Assigned-to
chrisccoulson
Package
Upstream:released (53.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was ignored)
Ubuntu 14.04 LTS (Trusty Tahr):released (53.0+build6-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (53.0+build6-0ubuntu0.16.04.1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.28.4, 3.30.1)
Ubuntu 12.04 ESM (Precise Pangolin):released (2:3.28.4-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:3.28.4-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (2:3.28.4-0ubuntu0.16.04.1)
Patches:
Upstream:https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
Package
Upstream:released (52.1.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:52.1.1+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:52.1.1+build1-0ubuntu0.16.04.1)
More Information

Updated: 2019-03-26 12:26:03 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)