Debian Security Advisory 5016-1

Debian Security Advisory 5016-1: Posted Dec 28, 2021; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5016-1 - Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures, which could result in denial of service or potentially the execution of arbitrary code.; tags | advisory, denial of service, overflow, arbitrary; systems | linux, debian; advisories | CVE-2021-43527; SHA-256 | 35d9a4d43f640926eb2420ef777ea504b336ac1a1fd52fd509acd24e3675989f; Download | Favorite | View

Debian Security Advisory 5016-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5016-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 01, 2021                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nss
CVE ID         : CVE-2021-43527

Tavis Ormandy discovered that nss, the Mozilla Network Security Service
library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS
signatures, which could result in denial of service or potentially the
execution of arbitrary code.

For the oldstable distribution (buster), this problem has been fixed
in version 2:3.42.1-1+deb10u4.

For the stable distribution (bullseye), this problem has been fixed in
version 2:3.61-1+deb11u1.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmGn7iNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SQmhAAj6qhWqyvQoH+Yik+MwimdQPRYqvVNMNxjYmHu7eQm1GHAvJoubi7guCd
mJbZHDAhEgH1RimUQlk1gVEAEm5BmRRcwhT2RPObWesLiyYVZXNl68xpUucqQJJ/
bOvulQ3l850RiNIZO5kwc/9OMADUb3GHD6wfMEbYJD0ZMlP+rlCwuK8ZA5Q5ap/P
1moNxWqaUg8GuIDVqF4kctpK2oL2Evba7X2IJj/JdlEMLc1fFw5Lxc61TroXLO8V
xIPKe1CBu0dUfEUSYTz1AXMfisLgVC5NpIABQ/IEGhQiSrbQ+ZmNMaDUiQPfsOFg
O/4RX6tHchXcDDiA5LT2vH8Janweg0M9VcoQHzD/cqRpvbutQHGRappK77os9Tmo
QaL5OMDAVTI6OjwnMQaDfbwK1tC0/gWiVkeuNMeceME85Dxy14smYMOj4DcJGJo8
Pyb8xtX4ZsdZI3NRGaC6CHeoYE3Dur2ae62KUdPTzoU0qwL3xVCtICZJ2mSL3xM5
yLN4hMssO/9cgWltp77COKf9ksz7o7HCJ0UYMG/EwpmNp5gsGYqZqR/w/nHYl5lK
9qe6QDoGAB1GbjHr4R4AUh5EDj8GL+RbqroIRwGlEC7tiv7cdC0gpOEovjohLasB
Da7DeGKvZqdOaHP6NbRvzWB/lXocjXbfw3Rap3minC790HPPteE=
=L/PN
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 219 files
indoushka 133 files
Jay Turla 131 files
Ubuntu 59 files
h00die 35 files
Gentoo 33 files
sinn3r 29 files
Debian 27 files
juan vazquez 27 files
H D Moore 23 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (58)
Cisco (1,948)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (386)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,967)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,661)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,789)
UNIX (9,443)
UnixWare (187)
Windows (6,739)
Other

Debian Security Advisory 5016-1

Debian Security Advisory 5016-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5016-1

Share This

Debian Security Advisory 5016-1

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems