drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in nss
| Name: |
Mangelnde Eingabeprüfung in nss |
|
| ID: |
DSA-3186-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian sid, Debian wheezy |
|
| Datum: |
Fr, 13. März 2015, 10:35 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569 |
|
| Applikationen: |
NSS |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3186-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
March 13, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : nss
CVE ID : CVE-2014-1569
Debian Bug : 773625
It was discovered that the Mozilla Network Security Service library
(nss) incorrectly handled certain ASN.1 lengths. A remote attacker could
possibly use this issue to perform a data-smuggling attack.
For the stable distribution (wheezy), this problem has been fixed in
version 2:3.14.5-1+deb7u4.
For the upcoming stable distribution (jessie), this problem has been
fixed in version 2:3.17.2-1.1.
For the unstable distribution (sid), this problem has been fixed in
version 2:3.17.2-1.1.
We recommend that you upgrade your nss packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVApw+AAoJEAVMuPMTQ89Er54P/2hTUEoZIWoQtGbQRwjsLLeJ
jrVGylGUW/Ks4js4//tqlJrnjtVpQ7JUW+Waja1+/T72vTcZnKCAvAfpevNRuRe6
83SIOwOdfLFzW/6YJf/Y8YWfoeC/I3R8m1z/s7FKAuM5fLgGJlcdgbgTCQAzaKNg
7oQR1rF3ve960ISvtDxwgrbAyAS8GSTmePSmOggNv8eTZygSfn/3fkaj9XBGOqzH
/vsMM3qXcnkVt1/gDhuGikPZK58oz3tf0RvysiBhQX/JEniijeS8AWMsnElzttEd
8ouWnJeyUUgJWkBh2ktajVbSOBQVMgiHqA0rnjGLbi6SNq8TAS2vGqW2Mybjff4S
tqZIgiw45Wq2nfyKIRLWVByORotcrkxQI31XfUGw1MGh03wezCW7+fyEhblnKb8h
d8DK0InZrUUhNQ2cOPAf3jSk5jYtnvqRlZ+xxLZ6pFwNv118i73E3cQuKDMlloAB
RcLQWnBneTKaVv6b9Aah7C1WuyyuF7ls9gB5x11CTyCgOTKnepLNZMdS6/0zoXqA
I5WyvLXNIkgW2BrIhl+RT25dfO7thXUg/RVbNbDSFiN2yVobSeOh5ltiSol6QiSP
tTDZQFjPFWou48YTSHa/UtgZ7/+nfsaVlpHnSesKS5aewZKFFoXs4rhToAOvwGL3
7Vu/rlXNeyzOp2/JS4In
=AHyV
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Archive: https://lists.debian.org/E1YWKl6-0002Qx-K6@master.debian.org
|
|
|
|
