1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2790-1] nss security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Nov 2 07:20:01 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2790-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 02, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : nss
    Vulnerability : uninitialized memory read
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-1739
    Debian Bug : 726473

    A flaw was found in the way the Mozilla Network Security Service library
    (nss) read uninitialized data when there was a decryption failure. A
    remote attacker could use this flaw to cause a denial of service
    (application crash) for applications linked with the nss library.

    The oldstable distribution (squeeze) is not affected by this problem.

    For the stable distribution (wheezy), this problem has been fixed in
    version 2:3.14.4-1.

    The packages in the stable distribution were updated to the latest patch release 3.14.4 of the library to also include a regression bugfix for a
    flaw that affects the libpkix certificate verification cache. More
    information can be found via:

    https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14.4_release_notes

    For the testing distribution (jessie), this problem has been fixed in
    version 2:3.15.2-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 2:3.15.2-1.

    We recommend that you upgrade your nss packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iQIcBAEBCgAGBQJSdJSfAAoJEAVMuPMTQ89EolAQAKJMoAA1k5jKzEa6sXzt2nut Osw/Km/Jio6qBQdUMc40QeRWjy3dCNtufE6t+ffRH/NUg/ZREE+5YPbKYuZXqKVQ LJ+7CUlv8FClKafoW1UvHjPmj8lfTFjI1e31dh4KgOkqanZ2ufVwWETolvEoEkTs gySXv1z5e0/OgpSHx9pHmJbYmC+p4+fex/eK3OrCGynQNh1MAarcetiXVl4QnbFe uJ5YE4jdJGJ4p746b1zVKGKLNKtVW5cT6h4HMZ6EHLBbGAfi35i+Qa9ZdQMS1ncC 3xssfmmGVR+J8hzyMNx3USCHRe5CjqOIsR0oaEcmijO/m/7w+GSzk0jIYxI9PgyV RmRf+sLoSBSvlaFHTfaqOF/vPJXL1S7vPkMNWJ/pQQk8QueEsTdH+FzZh99aQ1eP IMHd2GYF3sgD8LjafxFBkXLVDTgfR3LilMOAZHGVM6+jFySeGiv80ywGnvlWuuV4 2fDNiOFClDeziECezCQSxsizC2TZ9jHyB7NcxxhYt40w5q66i8UhLBWXwKjXLRco FVvAHIs8RfSlHDvIag2+TttSuTuQ20zAS83lXMsA2UyP4PLGGpRg6mPcfs4TgGN3 69oq4YaySp6dxvu8WcxdMQWMKj4LamT+XUch6q44euNystg1MNILK7tgGeFti0Mk vSnOSXPCRrlLrCsHVR2/
    =4pBK
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)