Package        : nss
Version        : 2:3.26-1+debu7u3
CVE ID         : CVE-2017-5461 CVE-2017-5462
Debian Bug     : 862958

The NSS library is vulnerable to two security issues:


    Out-of-bounds write in Base64 encoding. This can trigger a crash
    (denial of service) and might be exploitable for code execution.


    A flaw in DRBG number generation where the internal state V does not
    correctly carry bits over.

For Debian 7 "Wheezy", these problems have been fixed in version

We recommend that you upgrade your nss packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS:
Learn to master Debian: