Univention Bugzilla – Bug 48851
nss: Multiple issues (4.2)
Last modified: 2019-03-06 14:24:24 CET
New Debian nss 2:3.26-1+debu8u4 fixes: This update addresses the following issues: * Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) * NULL pointer dereference in several CMS functions resulting in a denial of service (CVE-2018-18508)
--- mirror/ftp/4.2/unmaintained/4.2-4/source/nss_3.26-1+debu8u3.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/nss_3.26-1+debu8u4.dsc @@ -1,3 +1,15 @@ +2:3.26-1+debu8u4 [Mon, 04 Mar 2019 09:46:23 -0500] Roberto C. Sanchez <roberto@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Update nss/tests/libpkix/certs/PayPalEE.cert to work-around the fact that + the former certificate has expired. The new certificate expiry is + 2020-08-18. Also update the expected OID through (adds + debian/patches/replace_expired_paypal_cert.patch). + * Add patches to fix two security issues: + - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack + - CVE-2018-18508: NULL pointer dereference in several CMS functions + resulting in a denial of service (Closes: #921614) + 2:3.26-1+debu8u3 [Sat, 07 Oct 2017 21:33:20 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.2-5/#2009491523397746279>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] 2c7312e410 Bug #48851: nss 2:3.26-1+debu8u4 doc/errata/staging/nss.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.2/611.html>