DebianDEBIAN:DLA-89-1:1CD2A[SECURITY] [DLA 89-1] nss security update
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.106 Low
EPSS
Percentile
95.0%
Package : nss
Version : 3.12.8-1+squeeze10
CVE ID : CVE-2014-1544
In nss, a set of libraries designed to support cross-platform development
of security-enabled client and server applications, Tyson Smith and Jesse
Schwartzentruber discovered a use-after-free vulnerability that allows
remote attackers to execute arbitrary code by triggering the improper
removal of an NSSCertificate structure from a trust domain.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | libnss3-dev | < 3.12.8-1+squeeze10 | libnss3-dev_3.12.8-1+squeeze10_all.deb |
| Debian | 6 | all | nss | < 3.12.8-1+squeeze10 | nss_3.12.8-1+squeeze10_all.deb |
| Debian | 6 | all | libnss3-1d-dbg | < 3.12.8-1+squeeze10 | libnss3-1d-dbg_3.12.8-1+squeeze10_all.deb |
| Debian | 6 | all | libnss3-tools | < 3.12.8-1+squeeze10 | libnss3-tools_3.12.8-1+squeeze10_all.deb |
| Debian | 6 | all | libnss3-1d | < 3.12.8-1+squeeze10 | libnss3-1d_3.12.8-1+squeeze10_all.deb |
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.106 Low
EPSS
Percentile
95.0%