-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2836-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 02, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : nss Version : 2:3.26.2-1.1+deb9u3 CVE ID : CVE-2021-43527 Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures, which could result in denial of service or potentially the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version 2:3.26.2-1.1+deb9u3. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmGow+AACgkQgj6WdgbD S5Z2WxAAq1KeuWH0hjS5AhRv9lYQmlwHIjCph16QfrLQZ168gBtL3uXlH5GUr3uJ K/A7gvZp45y+Z/vsPSVMjSYOpoxuWwk1XO9kP2DmuoFLrytfkkQ6k7/ElBbaFApV 74Ob5nIxbqANMRH7/Jr2JEeaCvTzNn4D3z6dtrTiZyL9ufoOjEg/DYrjk5lsoLIy KXQvLQPVsh6j3UOZcuoydvxZYLcSSY9299OlOTDnkY0F4XnlCV4Vd6ENNRJnEt0z RPWi/eIos5eaePn9uzu9VqEwEJo7O3iYuxXSQlt3b1enHtwxhSYRB50WvUkxk3Wt 8VRtsGaSMl5QswDsMDFsNWn1HllbMNIwTjZSb65zvfjGmzxqvQbf5YFz4dYWlfY9 f/FhdYCHkifSZRuPPoB2S6XyhdmDvQyK5386YhOg8+DdHoEPSXFKYTsti9Q43c/f yL0tim5vItmuSuVfDkXMP2yOojA3Qux+PWFMeh2G3LfBZ2/7+y6BGVhFssQvpXhM iTvfmVF6y+xIEa7OO3XOsoGdpbFfbgXS+WgHJ0uouPrfSI0LvZMRq0DRmPbLgwXf 5gsJ0O+5qjPUXrKvbBXRnUkS0/EQz3FVgdIG2UzO1OexkZRyYgl/H5+cb3Rj5ckn H4+hFDeU1808VZTX/HXppDRpbUQs2mz8a+IXmTKwrwEJ0YLq9uM= =uAs4 -----END PGP SIGNATURE-----
