Univention Bugzilla – Bug 44777
nss: Multiple issues (4.2)
Last modified: 2017-06-28 15:33:41 CEST
Upstream Debian package has bee updated to version 2:3.26-1+debu8u2 which fixes: * Out-of-bounds write in Base64 encoding. This can trigger a crash (denial of service) and might be exploitable for code execution (CVE-2017-5461) * A flaw in DRBG number generation where the internal state V does not correctly carry bits over (CVE-2017-5462) * Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker (CVE-2017-7502)
r80214 | Bug #44777: nss A doc/errata/staging/nss.yaml QA: piuparts -D debian --keep-sources-list -d --bindmount=/var/univention/buildsystem2/apt/ucs_4.2-0-errata4.2-0 --verbose -b /var/univention/buildsystem2/pbuilder/ucs_4.2-0-errata4.2-0_amd64.tgz /var/univention/buildsystem2/apt/ucs_4.2-0-errata4.2-0/amd64/libnss3-tools_3.26-1+debu8u2_amd64.deb
I've installed univention-java and updated. * Package imported and built in errata4.2-0 * I've moved and updated the advisory to errata4.2-1 * Advisory content ok (magic, looks like collected from two DLAs) * Package update ok (libnss3) Reopen: The package is not shown in errata4.2-0 by repo_stat.py
(In reply to Arvid Requate from comment #2) > Reopen: The package is not shown in errata4.2-0 by repo_stat.py Fixed
Ok
<http://errata.software-univention.de/ucs/4.2/59.html>