ELA-89-1 nss security update

multiple vulnerabilities

2019-03-05
Packagenss
Version2:3.26-1+debu7u6
Related CVEs CVE-2018-12404 CVE-2018-18508

Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.

CVE-2018-12404

Cache side-channel variant of the Bleichenbacher attack

CVE-2018-18508

NULL pointer dereference in several CMS functions resulting in a
denial of service

For Debian 7 Wheezy, these problems have been fixed in version 2:3.26-1+debu7u6.

We recommend that you upgrade your nss packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/