Debian Security Advisory
DLA-154-1 nss -- LTS security update
- Date Reported: 16 Feb 2015
- Affected Packages: nss
- Vulnerable: Yes
- Security database references:
  In the Debian bugtracking system: Bug 773625.
  In Mitre's CVE dictionary: CVE-2011-3389, CVE-2014-1569.
- More information:
nss 3.12.8-1+squeeze11 fixes two security issues:
- CVE-2011-3389
  SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen plaintext attacks which allowed man-in-the-middle attackers to obtain plaintext HTTP headers on an HTTPS session. This issue is known as the "BEAST" attack.
- CVE-2014-1569
  Possible information leak with too-permissive ASN.1 DER decoding of length.
For Debian 6 "Squeeze", these issues have been fixed in nss version 3.12.8-1+squeeze11.