ELA-197-1 nss security update

Fix NULL deref leading to DoS

2019-11-29
Packagenss
Version2:3.26-1+debu7u10
Related CVEs CVE-2019-17007


Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may have crashed with a NULL deref leading to a Denial-of-Service.



For Debian 7 Wheezy, these problems have been fixed in version 2:3.26-1+debu7u10.

We recommend that you upgrade your nss packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.