Arch Linux: ASA-201511-3 Critical: nss Heap Overflow Remote Code Execution

The package nss before version 3.20.1-1 is vulnerable to a heap-overflow vulnerability leading to arbitrary code execution.

Arch Linux Security Advisory ASA-201511-3
========================================
Severity: Critical
Date    : 2015-11-06
CVE-ID  : CVE-2015-7181 CVE-2015-7182
Package : nss
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package nss before version 3.20.1-1 is vulnerable to a heap-overflow
vulnerability leading to arbitrary code execution.

Resolution
=========
Upgrade to 3.20.1-1.

# pacman -Syu "nss>=3.20.1-1"

The problem has been fixed upstream in version 3.20.1.

Workaround
=========
None.

Description
==========
Several issues existed within the ASN.1 decoder used by NSS for handling
streaming BER data. While the majority of NSS uses a separate,
unaffected DER decoder, several public routines also accept BER data,
and thus are affected. An attacker that successfully exploited these
issues can overflow the heap and may be able to obtain remote code
execution.

Impact
=====
A remote attacker, by submitting crafted ASN.1 data in BER format, can
execute arbitrary code on the affected host.

References
=========
https://www.mail-archive.com/This email address is being protected from spambots. You need JavaScript enabled to view it./msg12386.html
https://access.redhat.com/security/cve/CVE-2015-7181
https://access.redhat.com/security/cve/CVE-2015-7182