Advisory: CLSA-2023:1677784062
OS: Ubuntu 16.04 ELS
Public date: 2023-03-02 00:00:00
Project: nss
Version: 2:3.28.4-0ubuntu0.16.04.14+tuxcare.els4
Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2023-1677784062.html
* SECURITY UPDATE: Within the lg_init() function, if several allocations succeed but then one fails, an uninitialized pointer would have been freed despite never being allocated. - debian/patches/CVE-2022-34480.patch: avoid using uninitialized pointer - CVE-2022-34480
Update command: apt-get update apt-get --only-upgrade install nss*
libnss3_3.28.4-0ubuntu0.16.04.14+tuxcare.els4_amd64.deb libnss3-1d_3.28.4-0ubuntu0.16.04.14+tuxcare.els4_amd64.deb libnss3-dev_3.28.4-0ubuntu0.16.04.14+tuxcare.els4_amd64.deb libnss3-nssdb_3.28.4-0ubuntu0.16.04.14+tuxcare.els4_all.deb libnss3-tools_3.28.4-0ubuntu0.16.04.14+tuxcare.els4_amd64.deb