Debian Security Advisory
DLA-427-1 nss -- LTS security update
- Date Reported:
- 24 Feb 2016
- Affected Packages:
- nss
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-1938.
- More information:
-
The s_mp_div function in Mozilla Network Security Services (NSS) before 3.21, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
For the oldoldstable distribution (squeeze), these problem has been fixed in version 3.12.8-1+squeeze14.
We recommend that you upgrade your nss packages.