Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mangelnde Eingabeprüfung in nss
Aktuelle Meldungen Distributionen
Name: Mangelnde Eingabeprüfung in nss
ID: DSA-3186-1
Distribution: Debian
Plattformen: Debian sid, Debian wheezy
Datum: Fr, 13. März 2015, 10:35
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3186-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
March 13, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : nss
CVE ID : CVE-2014-1569
Debian Bug : 773625

It was discovered that the Mozilla Network Security Service library
(nss) incorrectly handled certain ASN.1 lengths. A remote attacker could
possibly use this issue to perform a data-smuggling attack.

For the stable distribution (wheezy), this problem has been fixed in
version 2:3.14.5-1+deb7u4.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 2:3.17.2-1.1.

For the unstable distribution (sid), this problem has been fixed in
version 2:3.17.2-1.1.

We recommend that you upgrade your nss packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVApw+AAoJEAVMuPMTQ89Er54P/2hTUEoZIWoQtGbQRwjsLLeJ
jrVGylGUW/Ks4js4//tqlJrnjtVpQ7JUW+Waja1+/T72vTcZnKCAvAfpevNRuRe6
83SIOwOdfLFzW/6YJf/Y8YWfoeC/I3R8m1z/s7FKAuM5fLgGJlcdgbgTCQAzaKNg
7oQR1rF3ve960ISvtDxwgrbAyAS8GSTmePSmOggNv8eTZygSfn/3fkaj9XBGOqzH
/vsMM3qXcnkVt1/gDhuGikPZK58oz3tf0RvysiBhQX/JEniijeS8AWMsnElzttEd
8ouWnJeyUUgJWkBh2ktajVbSOBQVMgiHqA0rnjGLbi6SNq8TAS2vGqW2Mybjff4S
tqZIgiw45Wq2nfyKIRLWVByORotcrkxQI31XfUGw1MGh03wezCW7+fyEhblnKb8h
d8DK0InZrUUhNQ2cOPAf3jSk5jYtnvqRlZ+xxLZ6pFwNv118i73E3cQuKDMlloAB
RcLQWnBneTKaVv6b9Aah7C1WuyyuF7ls9gB5x11CTyCgOTKnepLNZMdS6/0zoXqA
I5WyvLXNIkgW2BrIhl+RT25dfO7thXUg/RVbNbDSFiN2yVobSeOh5ltiSol6QiSP
tTDZQFjPFWou48YTSHa/UtgZ7/+nfsaVlpHnSesKS5aewZKFFoXs4rhToAOvwGL3
7Vu/rlXNeyzOp2/JS4In
=AHyV
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Archive: https://lists.debian.org/E1YWKl6-0002Qx-K6@master.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung