Unsubscribe On Mon, Aug 17, 2015 at 2:13 PM, Salvatore Bonaccorso <car...@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3336-1 secur...@debian.org > https://www.debian.org/security/ Salvatore Bonaccorso > August 17, 2015 https://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : nss > CVE ID : CVE-2015-2721 CVE-2015-2730 > > Several vulnerabilities have been discovered in nss, the Mozilla Network > Security Service library. The Common Vulnerabilities and Exposures project > identifies the following problems: > > CVE-2015-2721 > > Karthikeyan Bhargavan discovered that NSS incorrectly handles state > transitions for the TLS state machine. A man-in-the-middle attacker > could exploit this flaw to skip the ServerKeyExchange message and > remove the forward-secrecy property. > > CVE-2015-2730 > > Watson Ladd discovered that NSS does not properly perform Elliptical > Curve Cryptography (ECC) multiplication, allowing a remote attacker > to potentially spoof ECDSA signatures. > > For the oldstable distribution (wheezy), these problems have been fixed > in version 2:3.14.5-1+deb7u5. > > For the stable distribution (jessie), these problems have been fixed in > version 2:3.17.2-1.1+deb8u1. > > For the testing distribution (stretch), these problems have been fixed > in version 2:3.19.1-1. > > For the unstable distribution (sid), these problems have been fixed in > version 2:3.19.1-1. > > We recommend that you upgrade your nss packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCgAGBQJV0jEdAAoJEAVMuPMTQ89EbcoP/2lAa4LK7T2Bn199scnMF+qB > wUu3xnqCarNP2p9zGxmk5Hc4Gqdwh7uYMfxSYwFL71tSME78Hk3latLAlPm9Jjme > CkKulWaYBZmZtincdkXUcnhXWUeVj43CALUsZQ02zpXBQcLW4Brl8AvoDqFFx9ZH > aDBe4ETeQKKbm22RaLOvHY7jfLbKhB6h4xbgQ6qo7TOvth8TQTjsQNhaOfs7jkfv > yvBRp721cDbSfJIZexEOok9i7GU3W7UkLQEIAK+wdArlssR6qmZwWBPSF660Q27C > hPRC5N1grEgzPHCoB87C0sxJXC3qF1ti8P7TDyB2b4DdWO04GPb5xrOL73vZYzqH > /UH5YQpMX9dnmZogyZBjmCSFXqAgypdgUNwg1UHCMHhGCw/Qxb6T02ok0YIHvBeH > EIdyid4jAovvDQViSTpWhkTRjzGxPQcwckUzvi6iJ9ylT5cqEZKA9+3K8i64oJgZ > j/wGj5X06+DSG8gYzHZyjGFJ1d4yldDHOxmSVfA0ynoSiW9MPbVT+PYMbwNGDHmP > QNMZInUTxrO3haI84cA4AJYrLSJYNKL95Ps2WZJXR9pVm4WW8ceOAKSt8+06jeYL > 5JlfSQcMugBmLDErnf0NfeBSDOvpS2XvWLpZeLFWvBsWz52armPLMYQ+x501wA5X > CgaRR9tJehVdcDG2c07j > =/Chx > -----END PGP SIGNATURE----- > >
