[SECURITY] [DSA 2994-1] nss security update

2014-07-3111:51:32

lists.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Debian Security Advisory DSA-2994-1 [email protected]
http://www.debian.org/security/ Raphael Geissert
July 31, 2014 http://www.debian.org/security/faq

Package : nss
CVE ID : CVE-2013-1741 CVE-2013-5606 CVE-2014-1491 CVE-2014-1492

Several vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library:

CVE-2013-1741

Runaway memset in certificate parsing on 64-bit computers leading to
a crash by attempting to write 4Gb of nulls.

CVE-2013-5606

Certificate validation with the verifylog mode did not return
validation errors, but instead expected applications to determine
the status by looking at the log.

CVE-2014-1491

Ticket handling protection mechanisms bypass due to the lack of
restriction of public values in Diffie-Hellman key exchanges.

CVE-2014-1492

Incorrect IDNA domain name matching for wildcard certificates could
allow specially-crafted invalid certificates to be considered as
valid.

For the stable distribution (wheezy), these problems have been fixed in
version 2:3.14.5-1+deb7u1.

For the testing distribution (jessie), and the unstable distribution (sid),
these problems have been fixed in version 2:3.16-1.

We recommend that you upgrade your nss packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7ia64libnss3-dbg< 2:3.14.5-1+deb7u1libnss3-dbg_2:3.14.5-1+deb7u1_ia64.deb
Debian7powerpclibnss3-tools< 2:3.14.5-1+deb7u1libnss3-tools_2:3.14.5-1+deb7u1_powerpc.deb
Debian7i386libnss3-tools< 2:3.14.5-1+deb7u1libnss3-tools_2:3.14.5-1+deb7u1_i386.deb
Debian7armellibnss3-dbg< 2:3.14.5-1+deb7u1libnss3-dbg_2:3.14.5-1+deb7u1_armel.deb
Debian7kfreebsd-amd64libnss3< 2:3.14.5-1+deb7u1libnss3_2:3.14.5-1+deb7u1_kfreebsd-amd64.deb
Debian7powerpclibnss3-dbg< 2:3.14.5-1+deb7u1libnss3-dbg_2:3.14.5-1+deb7u1_powerpc.deb
Debian6i386libnss3-tools< 3.12.8-1+squeeze8libnss3-tools_3.12.8-1+squeeze8_i386.deb
Debian7sparclibnss3-dbg< 2:3.14.5-1+deb7u1libnss3-dbg_2:3.14.5-1+deb7u1_sparc.deb
Debian7ia64libnss3-1d< 2:3.14.5-1+deb7u1libnss3-1d_2:3.14.5-1+deb7u1_ia64.deb
Debian7ia64libnss3-dev< 2:3.14.5-1+deb7u1libnss3-dev_2:3.14.5-1+deb7u1_ia64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	ia64	libnss3-dbg	< 2:3.14.5-1+deb7u1	libnss3-dbg_2:3.14.5-1+deb7u1_ia64.deb
Debian	7	powerpc	libnss3-tools	< 2:3.14.5-1+deb7u1	libnss3-tools_2:3.14.5-1+deb7u1_powerpc.deb
Debian	7	i386	libnss3-tools	< 2:3.14.5-1+deb7u1	libnss3-tools_2:3.14.5-1+deb7u1_i386.deb
Debian	7	armel	libnss3-dbg	< 2:3.14.5-1+deb7u1	libnss3-dbg_2:3.14.5-1+deb7u1_armel.deb
Debian	7	kfreebsd-amd64	libnss3	< 2:3.14.5-1+deb7u1	libnss3_2:3.14.5-1+deb7u1_kfreebsd-amd64.deb
Debian	7	powerpc	libnss3-dbg	< 2:3.14.5-1+deb7u1	libnss3-dbg_2:3.14.5-1+deb7u1_powerpc.deb
Debian	6	i386	libnss3-tools	< 3.12.8-1+squeeze8	libnss3-tools_3.12.8-1+squeeze8_i386.deb
Debian	7	sparc	libnss3-dbg	< 2:3.14.5-1+deb7u1	libnss3-dbg_2:3.14.5-1+deb7u1_sparc.deb
Debian	7	ia64	libnss3-1d	< 2:3.14.5-1+deb7u1	libnss3-1d_2:3.14.5-1+deb7u1_ia64.deb
Debian	7	ia64	libnss3-dev	< 2:3.14.5-1+deb7u1	libnss3-dev_2:3.14.5-1+deb7u1_ia64.deb