[SECURITY] [DLA 2836-1] nss security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2836-1] nss security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Thu, 2 Dec 2021 18:33:34 +0530
Message-id: <[🔎] CAPP0f95AzNJb03G62V=kDU7QpCnA87m1Gz-Q9ju1T74R_nZApw@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2836-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
December 02, 2021                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : nss
Version        : 2:3.26.2-1.1+deb9u3
CVE ID         : CVE-2021-43527

Tavis Ormandy discovered that nss, the Mozilla Network Security Service
library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS
signatures, which could result in denial of service or potentially the
execution of arbitrary code.

For Debian 9 stretch, this problem has been fixed in version
2:3.26.2-1.1+deb9u3.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmGow+AACgkQgj6WdgbD
S5Z2WxAAq1KeuWH0hjS5AhRv9lYQmlwHIjCph16QfrLQZ168gBtL3uXlH5GUr3uJ
K/A7gvZp45y+Z/vsPSVMjSYOpoxuWwk1XO9kP2DmuoFLrytfkkQ6k7/ElBbaFApV
74Ob5nIxbqANMRH7/Jr2JEeaCvTzNn4D3z6dtrTiZyL9ufoOjEg/DYrjk5lsoLIy
KXQvLQPVsh6j3UOZcuoydvxZYLcSSY9299OlOTDnkY0F4XnlCV4Vd6ENNRJnEt0z
RPWi/eIos5eaePn9uzu9VqEwEJo7O3iYuxXSQlt3b1enHtwxhSYRB50WvUkxk3Wt
8VRtsGaSMl5QswDsMDFsNWn1HllbMNIwTjZSb65zvfjGmzxqvQbf5YFz4dYWlfY9
f/FhdYCHkifSZRuPPoB2S6XyhdmDvQyK5386YhOg8+DdHoEPSXFKYTsti9Q43c/f
yL0tim5vItmuSuVfDkXMP2yOojA3Qux+PWFMeh2G3LfBZ2/7+y6BGVhFssQvpXhM
iTvfmVF6y+xIEa7OO3XOsoGdpbFfbgXS+WgHJ0uouPrfSI0LvZMRq0DRmPbLgwXf
5gsJ0O+5qjPUXrKvbBXRnUkS0/EQz3FVgdIG2UzO1OexkZRyYgl/H5+cb3Rj5ckn
H4+hFDeU1808VZTX/HXppDRpbUQs2mz8a+IXmTKwrwEJ0YLq9uM=
=uAs4
-----END PGP SIGNATURE-----

Reply to:

Next by Date: [SECURITY] [DLA 2837-1] gmp security update
Next by thread: [SECURITY] [DLA 2837-1] gmp security update
Index(es):
- Date
- Thread