[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 971-1] nss security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : nss
Version        : 2:3.26-1+debu7u4
CVE ID         : CVE-2017-7502
Debian Bug     : 863839

CVE-2017-7502

  A null pointer dereference vulnerability in NSS was found when server
  receives empty SSLv2 messages. This issue was introduced with the recent
  removal of SSLv2 protocol from upstream code in 3.24.0 and introduction
  of dedicated parser able to handle just sslv2-style hello messages.

For Debian 7 "Wheezy", this problem has been fixed in version
2:3.26-1+debu7u4.

We recommend that you upgrade your nss packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
 -------------- Ola Lundqvist --------------------
/  opal@debian.org       GPG fingerprint          \
|  ola@inguza.com        22F2 32C6 B1E0 F4BF 2B26 |
|  http://inguza.com/    0A6A 5E90 DCFA 9426 876F /
 -------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJZLydTAAoJEF6Q3PqUJodvB9YQAJKKo/+SEtv854Of/+Jaq2Ya
dRDjmYenrtXyU4NmFpOeOIZ6hqAxzna6vgjXM1XEyFmKU5KbXERgZtTA0pVL8ztZ
1FVJcV4X6wD/Tw7B+yVX3Ne3OlmoKWOy9HTPMYfUWnBaYEiUJFie9yIjGiBV1Gfk
BzSrf1g5NVxtJ3C2dS4vbYl8uAsoc+btrqcNDUFdZDadKAdvofQ7edubhGhXZ7Uw
ZFaSnh9zfL21fOd+C+9VONMtTLAWZPy/sgDm79WVc4Yxl/YU90ERO5YMtYc/eW11
rXMEO40YOMDCF23w/X2SGgPZIFRfBz+92ef4pgpQmXvFlycgdTxkWT/jrTCiYBPh
SI7wLIKA6xPYg4PDv92LioMURB90hPeKPiDDOSwwPjsYT8u5J8Cb9+R12OXFXEuh
WPQJ8cmLLX1HQbY76ntj0045HbS9NqeojOwHdAyim62abRsNtUfeIx9Uw4AtIcuC
1XMoszTt5FmwW8Oc9nQDQCF2h8k0yEAD1Dx6iWTuc8lmwy3vq7LCAoxYwadB2oKA
Fdwepft1Bhy3iYBGPOp8G2+3c64JQFTAJtOWeQt+iFLaTuuKSFgWuuZuYid6Cdc3
tmqY1zeerTSkQfq08Bzt3GEv44DgX2nmSiKqK3t5n8QOn1UifurRQ4Bfn5F97eUo
syoX/4AmfBt+QfeqaduS
=tphX
-----END PGP SIGNATURE-----


Reply to: