[SECURITY] [DLA 2898-1] nss security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 2898-1] nss security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Tue, 25 Jan 2022 16:23:25 +0100 (CET)
Message-id: <[🔎] 20220125152325.847C72A040A@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2898-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
January 25, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : nss
Version        : 2:3.26.2-1.1+deb9u5
CVE ID         : CVE-2022-22747

It was found that nss, the Mozilla Network Security Service library, was
vulnerable to a NULL pointer dereference when parsing empty PKCS 7
sequences, which could result in denial of service.

For Debian 9 stretch, this problem has been fixed in version
2:3.26.2-1.1+deb9u5.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmHwFekACgkQnUbEiOQ2
gwJraA/8Cqn3GUsf1Gope02tVRMpeZmXxroGEX74vbpgtrQKGZzaZ78iI8yryTEv
NEXkY8AEjzqmY4jtG3zcqdflCeq9FQob8+4gHGcvnfG/8mi4+HntqK+PP6sO2ccQ
Zj77uK/FcWyqBmW0eMqkoBCutf3FznkkK43xjQtCbubkY3c8emxu+g72JED12001
SPteJ1lp+tzRFddf7SnxsASs1tv7vw2rFwZo3uoCrhDKqzXunVtlT+mLiIR0uifP
ml7UNNnpEyS2VZnW0gdcjnYvdL4BZXXjBRLbWCDM1jWfj7g9ING5wcDlJLC9PzjJ
iV3OA4Eh59OReIZCSL4qmGVjEq8pvF/N3etGY1AxO6yGsNoLBypkjJE6VeSpJFhP
z3QBFDVJTMWnt4RTwqS9K/3zPtyiJ2hWPRmr7qsVWUb0046Be+/Ea7ZSNd5SwGi/
M1/hsM5P/uqr2srPAMoMXfAiuwP9sH3ycnT6o8amD1XUikhGI9KdqdkfDgCQGLX/
xPdWAiRMKIud6PSuJs9HpgduzHaDGd+OfPL0hSKFnObnSMQvmFEQV37C5bCrSPoo
c0HQM4Jl+pDGt2s0mOT5PEx9TF0N2rhU7/NCcN/qjIVYYIRxkkhPmawwWxeZBwfR
oITeg43/xHF/XalY2u4s2fmtNBFg5j/xq1ryRcN9TtInTT7fuIY=
=mBSU
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2894-1] aide security update
Next by Date: [SECURITY] [DLA 2899-1] policykit-1 security update
Previous by thread: [SECURITY] [DLA 2894-1] aide security update
Next by thread: [SECURITY] [DLA 2899-1] policykit-1 security update
Index(es):
- Date
- Thread