Errata ID | 438 |
---|---|
Date | 2017-07-05 |
Source package | nss |
Fixed in version | 2:3.26-1+debu7u4.35.201706011823 |
Description | This update addresses the following issues: * The existing mitigation of timing side-channel attacks was insufficient (CVE-2016-9074) * Out-of-bounds write in Base64 encoding. This can trigger a crash (denial of service) and might be exploitable for code execution (CVE-2017-5461) * A flaw in DRBG number generation where the internal state V does not correctly carry bits over (CVE-2017-5462) * A null pointer dereference in NSS since 3.24.0, triggered when a server receives empty SSLv2 messages, allows a remote attacker to cause a denial of service (CVE-2017-7502) |
Additional notes | |
CVE ID | CVE-2016-9074 CVE-2017-5461 CVE-2017-5462 CVE-2017-7502 |
UCS Bug number | #42858 |