1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2994-1] nss security update

    From Raphael Geissert@1:229/2 to All on Thu Jul 31 14:00:01 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2994-1 [email protected] http://www.debian.org/security/ Raphael Geissert
    July 31, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : nss
    CVE ID : CVE-2013-1741 CVE-2013-5606 CVE-2014-1491 CVE-2014-1492

    Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library:

    CVE-2013-1741

    Runaway memset in certificate parsing on 64-bit computers leading to
    a crash by attempting to write 4Gb of nulls.

    CVE-2013-5606

    Certificate validation with the verifylog mode did not return
    validation errors, but instead expected applications to determine
    the status by looking at the log.

    CVE-2014-1491

    Ticket handling protection mechanisms bypass due to the lack of
    restriction of public values in Diffie-Hellman key exchanges.

    CVE-2014-1492

    Incorrect IDNA domain name matching for wildcard certificates could
    allow specially-crafted invalid certificates to be considered as
    valid.

    For the stable distribution (wheezy), these problems have been fixed in
    version 2:3.14.5-1+deb7u1.

    For the testing distribution (jessie), and the unstable distribution (sid), these problems have been fixed in version 2:3.16-1.

    We recommend that you upgrade your nss packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.22 (GNU/Linux)

    iEYEARECAAYFAlPaLcQACgkQYy49rUbZzlryAwCfcT/wdXfIg3Qan7v49hkErZtP XU4AoIuaVrosMXowQjtqvD8LJqNZ9hd+
    =rne3
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/5105666.fXRtNcABSl@eee

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)