-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2898-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 25, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : nss Version : 2:3.26.2-1.1+deb9u5 CVE ID : CVE-2022-22747 It was found that nss, the Mozilla Network Security Service library, was vulnerable to a NULL pointer dereference when parsing empty PKCS 7 sequences, which could result in denial of service. For Debian 9 stretch, this problem has been fixed in version 2:3.26.2-1.1+deb9u5. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmHwFekACgkQnUbEiOQ2 gwJraA/8Cqn3GUsf1Gope02tVRMpeZmXxroGEX74vbpgtrQKGZzaZ78iI8yryTEv NEXkY8AEjzqmY4jtG3zcqdflCeq9FQob8+4gHGcvnfG/8mi4+HntqK+PP6sO2ccQ Zj77uK/FcWyqBmW0eMqkoBCutf3FznkkK43xjQtCbubkY3c8emxu+g72JED12001 SPteJ1lp+tzRFddf7SnxsASs1tv7vw2rFwZo3uoCrhDKqzXunVtlT+mLiIR0uifP ml7UNNnpEyS2VZnW0gdcjnYvdL4BZXXjBRLbWCDM1jWfj7g9ING5wcDlJLC9PzjJ iV3OA4Eh59OReIZCSL4qmGVjEq8pvF/N3etGY1AxO6yGsNoLBypkjJE6VeSpJFhP z3QBFDVJTMWnt4RTwqS9K/3zPtyiJ2hWPRmr7qsVWUb0046Be+/Ea7ZSNd5SwGi/ M1/hsM5P/uqr2srPAMoMXfAiuwP9sH3ycnT6o8amD1XUikhGI9KdqdkfDgCQGLX/ xPdWAiRMKIud6PSuJs9HpgduzHaDGd+OfPL0hSKFnObnSMQvmFEQV37C5bCrSPoo c0HQM4Jl+pDGt2s0mOT5PEx9TF0N2rhU7/NCcN/qjIVYYIRxkkhPmawwWxeZBwfR oITeg43/xHF/XalY2u4s2fmtNBFg5j/xq1ryRcN9TtInTT7fuIY= =mBSU -----END PGP SIGNATURE-----
