Debian LTS: DLA-1857-1: nss security update

    Date20 Jul 2019
    CategoryDebian LTS
    383
    Posted ByLinuxSecurity Advisories
    Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.
    Package        : nss
    Version        : 2:3.26-1+debu8u5
    CVE ID         : CVE-2019-11719 CVE-2019-11729
    
    
    Vulnerabilities have been discovered in nss, the Mozilla Network
    Security Service library.
    
    CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
    
        When importing a curve25519 private key in PKCS#8format with leading
        0x00 bytes, it is possible to trigger an out-of-bounds read in the
        Network Security Services (NSS) library. This could lead to
        information disclosure.
    
    CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a
        segmentation fault
    
        Empty or malformed p256-ECDH public keys may trigger a segmentation
        fault due values being improperly sanitized before being copied into
        memory and used.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    2:3.26-1+debu8u5.
    
    We recommend that you upgrade your nss packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":62.5,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.