[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 946-1] nss security update

Package        : nss
Version        : 2:3.26-1+debu7u3
CVE ID         : CVE-2017-5461 CVE-2017-5462
Debian Bug     : 862958

The NSS library is vulnerable to two security issues:


    Out-of-bounds write in Base64 encoding. This can trigger a crash
    (denial of service) and might be exploitable for code execution.


    A flaw in DRBG number generation where the internal state V does not
    correctly carry bits over.

For Debian 7 "Wheezy", these problems have been fixed in version

We recommend that you upgrade your nss packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Attachment: signature.asc
Description: PGP signature

Reply to: