Package : nss Version : 2:3.26-1+debu7u3 CVE ID : CVE-2017-5461 CVE-2017-5462 Debian Bug : 862958 The NSS library is vulnerable to two security issues: CVE-2017-5461 Out-of-bounds write in Base64 encoding. This can trigger a crash (denial of service) and might be exploitable for code execution. CVE-2017-5462 A flaw in DRBG number generation where the internal state V does not correctly carry bits over. For Debian 7 "Wheezy", these problems have been fixed in version 2:3.26-1+debu7u3. We recommend that you upgrade your nss packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
Attachment:
signature.asc
Description: PGP signature