[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3186-1] nss security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3186-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
March 13, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
CVE ID         : CVE-2014-1569
Debian Bug     : 773625

It was discovered that the Mozilla Network Security Service library
(nss) incorrectly handled certain ASN.1 lengths. A remote attacker could
possibly use this issue to perform a data-smuggling attack.

For the stable distribution (wheezy), this problem has been fixed in
version 2:3.14.5-1+deb7u4.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 2:3.17.2-1.1.

For the unstable distribution (sid), this problem has been fixed in
version 2:3.17.2-1.1.

We recommend that you upgrade your nss packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVApw+AAoJEAVMuPMTQ89Er54P/2hTUEoZIWoQtGbQRwjsLLeJ
jrVGylGUW/Ks4js4//tqlJrnjtVpQ7JUW+Waja1+/T72vTcZnKCAvAfpevNRuRe6
83SIOwOdfLFzW/6YJf/Y8YWfoeC/I3R8m1z/s7FKAuM5fLgGJlcdgbgTCQAzaKNg
7oQR1rF3ve960ISvtDxwgrbAyAS8GSTmePSmOggNv8eTZygSfn/3fkaj9XBGOqzH
/vsMM3qXcnkVt1/gDhuGikPZK58oz3tf0RvysiBhQX/JEniijeS8AWMsnElzttEd
8ouWnJeyUUgJWkBh2ktajVbSOBQVMgiHqA0rnjGLbi6SNq8TAS2vGqW2Mybjff4S
tqZIgiw45Wq2nfyKIRLWVByORotcrkxQI31XfUGw1MGh03wezCW7+fyEhblnKb8h
d8DK0InZrUUhNQ2cOPAf3jSk5jYtnvqRlZ+xxLZ6pFwNv118i73E3cQuKDMlloAB
RcLQWnBneTKaVv6b9Aah7C1WuyyuF7ls9gB5x11CTyCgOTKnepLNZMdS6/0zoXqA
I5WyvLXNIkgW2BrIhl+RT25dfO7thXUg/RVbNbDSFiN2yVobSeOh5ltiSol6QiSP
tTDZQFjPFWou48YTSHa/UtgZ7/+nfsaVlpHnSesKS5aewZKFFoXs4rhToAOvwGL3
7Vu/rlXNeyzOp2/JS4In
=AHyV
-----END PGP SIGNATURE-----


Reply to: