ArchLinux: 201511-4: nspr: arbitrary code execution
Summary
A logic bug in the handling of large allocations would allow exceptionally large allocations to be reported as successful, without actually allocating the requested memory. This may allow attackers to bypass security checks and obtain control of arbitrary memory.
Resolution
Upgrade to 4.10.10-1.
# pacman -Syu "nspr>=4.10.10-1"
The problem has been fixed upstream in version 4.10.10.
References
https://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html https://access.redhat.com/security/cve/CVE-2015-7183
Workaround
None.