FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

NSS -- multiple vulnerabilities

Affected packages
3.30 <= linux-c6-nss < 3.30.1
3.29 <= linux-c6-nss < 3.29.5
3.22 <= linux-c6-nss < 3.28.4
linux-c6-nss < 3.21.4
3.30 <= linux-c7-nss < 3.30.1
3.29 <= linux-c7-nss < 3.29.5
3.22 <= linux-c7-nss < 3.28.4
linux-c7-nss < 3.21.4
3.30 <= linux-f10-nss < 3.30.1
3.29 <= linux-f10-nss < 3.29.5
3.22 <= linux-f10-nss < 3.28.4
linux-f10-nss < 3.21.4
3.30 <= nss < 3.30.1
3.29 <= nss < 3.29.5
3.22 <= nss < 3.28.4
nss < 3.21.4
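
The ranges above leave gaps that are easy to misread: 3.21.4 up to (but not including) 3.22, and 3.28.4 up to 3.29, are not listed as affected. The following checker is an added example, not part of the VuXML entry or of FreeBSD's pkg tooling; it evaluates one installed version against these ranges. Assumptions: versions are numeric dotted strings with an optional `_PORTREVISION` and `,PORTEPOCH` suffix, and the function names are hypothetical.

```python
# Added example: evaluates this entry's affected ranges for one installed version.
# Simplification (assumption): versions are numeric dotted strings with an
# optional FreeBSD "_PORTREVISION" and ",PORTEPOCH" suffix. This is not the
# full version-comparison algorithm used by pkg.
import re

# Package names listed under "Affected packages" in this entry.
PACKAGES = ("nss", "linux-c6-nss", "linux-c7-nss", "linux-f10-nss")

# (lower bound inclusive or None, upper bound exclusive), copied from the entry.
RANGES = [("3.30", "3.30.1"), ("3.29", "3.29.5"), ("3.22", "3.28.4"), (None, "3.21.4")]

def parse(version):
    """Turn '3.30_1,0' into a sortable (epoch, dotted-tuple, revision) key."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    dotted = tuple(int(p) for p in m.group(1).split("."))
    # Order of significance: epoch, then version, then port revision.
    return (int(m.group(3) or 0), dotted, int(m.group(2) or 0))

def matching_range(package, version):
    """Return the (low, high) range that makes the package affected, else None."""
    if package not in PACKAGES:
        return None
    v = parse(version)
    for low, high in RANGES:
        if (low is None or parse(low) <= v) and v < parse(high):
            return (low, high)
    return None

def is_affected(package, version):
    return matching_range(package, version) is not None

if __name__ == "__main__":
    # Constructed sample versions, chosen to sit on each range boundary.
    for ver in ("3.20", "3.21.4", "3.28.3", "3.28.4", "3.29.5", "3.30", "3.30.1"):
        print(f"nss-{ver}: {'AFFECTED' if is_affected('nss', ver) else 'ok'}")
```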

Details

VuXML ID 4cb165f0-6e48-423e-8147-92255d35c0f7
Discovery 2017-03-17
Entry 2017-04-19

Mozilla Foundation reports:

An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue and Firefox 53 has been updated with NSS version 3.29.5.

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue and Firefox 53 has been updated with NSS version 3.29.5.

References

CVE Name CVE-2017-5461
CVE Name CVE-2017-5462
URL https://hg.mozilla.org/projects/nss/rev/99a86619eac9
URL https://hg.mozilla.org/projects/nss/rev/e126381a3c29