Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-427-1 nss

Debian Security Advisory

DLA-427-1 nss -- LTS security update

Date Reported:

24 Feb 2016

Affected Packages:

nss

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-1938.

More information:

The s_mp_div function in Mozilla Network Security Services (NSS) before 3.21, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

For the oldoldstable distribution (squeeze), these problem has been fixed in version 3.12.8-1+squeeze14.

We recommend that you upgrade your nss packages.