Debian Security Advisory

DLA-427-1 nss -- LTS security update

Date Reported:
24 Feb 2016
Affected Packages:
nss
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2016-1938.
More information:

The s_mp_div function in Mozilla Network Security Services (NSS) before 3.21, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

For the oldoldstable distribution (squeeze), these problem has been fixed in version 3.12.8-1+squeeze14.

We recommend that you upgrade your nss packages.