[SECURITY] [DLA 971-1] nss security update

2017-05-31T21:06:26
ID DEBIAN:DLA-971-1:24044
Type debian
Reporter Debian
Modified 2017-05-31T21:06:26

Description

Package : nss Version : 2:3.26-1+debu7u4 CVE ID : CVE-2017-7502 Debian Bug : 863839

CVE-2017-7502

A null pointer dereference vulnerability in NSS was found when server receives empty SSLv2 messages. This issue was introduced with the recent removal of SSLv2 protocol from upstream code in 3.24.0 and introduction of dedicated parser able to handle just sslv2-style hello messages.

For Debian 7 "Wheezy", this problem has been fixed in version 2:3.26-1+debu7u4.

We recommend that you upgrade your nss packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS


-------------- Ola Lundqvist -------------------- / opal@debian.org GPG fingerprint \ | ola@inguza.com 22F2 32C6 B1E0 F4BF 2B26 | | http://inguza.com/ 0A6A 5E90 DCFA 9426 876F / -------------------------------------------------