Package : nss Version : 2:3.26-1+debu7u3 CVE ID : CVE-2017-5461 CVE-2017-5462 Debian Bug : 862958
The NSS library is vulnerable to two security issues:
CVE-2017-5461
Out-of-bounds write in Base64 encoding. This can trigger a crash
(denial of service) and might be exploitable for code execution.
CVE-2017-5462
A flaw in DRBG number generation where the internal state V does not
correctly carry bits over.
For Debian 7 "Wheezy", these problems have been fixed in version
2:3.26-1+debu7u3.
We recommend that you upgrade your nss packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
signature.asc
Description: PGP signature
