lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 02 Nov 2013 06:11:39 +0000 From: Salvatore Bonaccorso <carnil@...ian.org> To: debian-security-announce@...ts.debian.org Subject: [SECURITY] [DSA 2790-1] nss security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2790-1 security@...ian.org http://www.debian.org/security/ Salvatore Bonaccorso November 02, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nss Vulnerability : uninitialized memory read Problem type : remote Debian-specific: no CVE ID : CVE-2013-1739 Debian Bug : 726473 A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialized data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library. The oldstable distribution (squeeze) is not affected by this problem. For the stable distribution (wheezy), this problem has been fixed in version 2:3.14.4-1. The packages in the stable distribution were updated to the latest patch release 3.14.4 of the library to also include a regression bugfix for a flaw that affects the libpkix certificate verification cache. More information can be found via: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14.4_release_notes For the testing distribution (jessie), this problem has been fixed in version 2:3.15.2-1. For the unstable distribution (sid), this problem has been fixed in version 2:3.15.2-1. We recommend that you upgrade your nss packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJSdJSfAAoJEAVMuPMTQ89EolAQAKJMoAA1k5jKzEa6sXzt2nut Osw/Km/Jio6qBQdUMc40QeRWjy3dCNtufE6t+ffRH/NUg/ZREE+5YPbKYuZXqKVQ LJ+7CUlv8FClKafoW1UvHjPmj8lfTFjI1e31dh4KgOkqanZ2ufVwWETolvEoEkTs gySXv1z5e0/OgpSHx9pHmJbYmC+p4+fex/eK3OrCGynQNh1MAarcetiXVl4QnbFe uJ5YE4jdJGJ4p746b1zVKGKLNKtVW5cT6h4HMZ6EHLBbGAfi35i+Qa9ZdQMS1ncC 3xssfmmGVR+J8hzyMNx3USCHRe5CjqOIsR0oaEcmijO/m/7w+GSzk0jIYxI9PgyV RmRf+sLoSBSvlaFHTfaqOF/vPJXL1S7vPkMNWJ/pQQk8QueEsTdH+FzZh99aQ1eP IMHd2GYF3sgD8LjafxFBkXLVDTgfR3LilMOAZHGVM6+jFySeGiv80ywGnvlWuuV4 2fDNiOFClDeziECezCQSxsizC2TZ9jHyB7NcxxhYt40w5q66i8UhLBWXwKjXLRco FVvAHIs8RfSlHDvIag2+TttSuTuQ20zAS83lXMsA2UyP4PLGGpRg6mPcfs4TgGN3 69oq4YaySp6dxvu8WcxdMQWMKj4LamT+XUch6q44euNystg1MNILK7tgGeFti0Mk vSnOSXPCRrlLrCsHVR2/ =4pBK -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists