1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3071-1] nss security update

    From Sebastien Delafond@1:229/2 to All on Tue Nov 11 22:10:02 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3071-1 [email protected] http://www.debian.org/security/ Sebastien Delafond November 11, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : nss
    CVE ID : CVE-2014-1544

    In nss, a set of libraries designed to support cross-platform
    development of security-enabled client and server applications, Tyson
    Smith and Jesse Schwartzentruber discovered a use-after-free
    vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a
    trust domain.

    For the stable distribution (wheezy), this problem has been fixed in
    version 2:3.14.5-1+deb7u3.

    For the upcoming stable distribution (jessie), this problem has been
    fixed in version 2:3.16.3-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 2:3.16.3-1.

    We recommend that you upgrade your nss packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iQIcBAEBCgAGBQJUYni5AAoJEAVMuPMTQ89EAQkP/3mya/VKtHtdphUqpiBwUuOc vRPG0amukfaS+g214xr2iJXd3kwa4IalmoWRtzLfo5CrtOygv6SQw2tdFlqVP5f0 8OOUyYZtClPF+dF+KnvF9Kn9fFtEjVCb4Os45G9fvL9cy4isz4B2jVKQWD/Y/6wS xGIi+J3BH25KcwZCr/jV1t47bA77P2q8sebLywkzooNzeQzOwF+mrKnIwhoVABq1 7QMhQ80PAC2iU+9LkLX76JSw0TUcfaGO+aGbnLTtOH+BX2jFyy+NktEUanD6pjY2 jLilJwejVLThaosKJqciRuhZ1EkKG2+3E2ERX2sOejHpPWb1JBIURSM2RTnorKrW ZpM2SKl4jfYkpwBZsHqQ+6nUsQxCK55TfViaD4gp0oiSHgXjRjdJoDdUBV2+c5us HhDesXGfGKrLiAp5or+es04Hn3Zj4UDAW7WTXIpFP9VH32vQUiwieTw6Il0n8JKC wIyS7MS8/aMofiZ5DQz7AFBrUyA92z+qhsa0Rs/cJcIHNvVAQ993pANwvT1IKL6k ilSFtSVOFuVc23Ypdt8EFAjgv6WZS0EmtjrohzYrGRARSyLRijtGzLyG189kgWsZ wxO0BWcMhsloSVTuClGUMV6F7cZTq00D2UD+/poqKbZBe4CUCkdbJT0zCpWHx2jg rO7mnxxfUgUv8n7rP5Jh
    =lTKD
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)