Re: [SECURITY] [DSA 3033-1] nss security update

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA 3033-1] nss security update
From: DUANE and CHERYL CAREY <careycher1@msn.com>
Date: Wed, 24 Sep 2014 21:29:25 -0400
Message-id: <[🔎] BLU404-EAS102272CBD32C531CF3AD24484BE0@phx.gbl>
In-reply-to: <20140925002335.GA22685@scapa.corsac.net>
References: <20140925002335.GA22685@scapa.corsac.net>

Yes, this is the perfect thing for our website

Love you

Me

Sent from my iPhone

> On Sep 24, 2014, at 8:30 PM, Yves-Alexis Perez <corsac@debian.org> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3033-1                   security@debian.org
> http://www.debian.org/security/                         Yves-Alexis Perez
> September 25, 2014                     http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : nss
> CVE ID         : CVE-2014-1568
> 
> Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS
> (the Mozilla Network Security Service library) was parsing ASN.1 data
> used in signatures, making it vulnerable to a signature forgery attack.
> 
> An attacker could craft ASN.1 data to forge RSA certificates with a
> valid certification chain to a trusted CA.
> 
> For the stable distribution (wheezy), this problem has been fixed in
> version 2:3.14.5-1+deb7u2.
> 
> For the testing distribution (jessie), this problem has been fixed in
> version 2:3.17.1.
> 
> For the unstable distribution (sid), this problem has been fixed in
> version 2:3.17.1.
> 
> We recommend that you upgrade your nss packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
> 
> iQEcBAEBCgAGBQJUI2CBAAoJEG3bU/KmdcCldbsIAKpmbb4XdAU3Lwr0aqXQ5UTt
> Tg+w2bZ8nKgZr2e+apkdlCqOd7QLnvUrykhUGe4HAwCcb38BUV8xhA+sdAfrXhdQ
> S7XOev+zgWtcu3FOylluRg5hMxBetqbZCtKHZ97NzbzX0IVMNXOMBNXsXOBSlxJd
> 8H5d30zcUtMCYQVMhj3tUDkTTZuo1POp7MA44RkL13ORMlDcRSbYacicyRZbFtOk
> P6/i9Caq657Sm0MXjRCDet+jdtTIpCucF/nW+jXsWyzqtA5OJphic2UX9cG05LzC
> hYyVKHITZVkuSQVqqX6+EwVaA9nn1DerX48Jqty+7dLWUdHVhs30WTRjx0Ip/dw=
> =HZF1
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: https://lists.debian.org/20140925002335.GA22685@scapa.corsac.net
>

Reply to:

Prev by Date: Re: bash 4.2 for squeeze
Next by Date: Re: [Reproducible-builds] concrete steps for improving apt downloading security and privacy
Previous by thread: Re: bash 4.2 for squeeze
Next by thread: AW: [SECURITY] [DSA 3032-1] bash security update
Index(es):
- Date
- Thread