Debian Security Advisory

DLA-427-1 nss -- LTS security update

Date Reported:

24 Feb 2016

Affected Packages:

nss

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-1938.

More information:

The s_mp_div function in Mozilla Network Security Services (NSS) before 3.21, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

For the oldoldstable distribution (squeeze), these problem has been fixed in version 3.12.8-1+squeeze14.

We recommend that you upgrade your nss packages.

This page is also available in the following languages:

dansk français Русский (Russkij)

How to set the default document language

To report a problem with the web site, please e-mail our publicly archived mailing list debian-www@lists.debian.org in English. For other contact information, see the Debian contact page. Web site source code is available.

Last Modified: Sat, Feb 9 04:52:41 UTC 2019 Last Built: Sun, May 10 03:38:55 UTC 2020
Copyright © 2016-2020 SPI and others; See license terms
Debian is a registered trademark of Software in the Public Interest, Inc.