| Errata ID | 59 |
|---|---|
| Date | 2017-06-28 |
| Source package | nss |
| Fixed in version | 2:3.26-1+debu8u2 |
| Description | This update addresses the following issues: * Out-of-bounds write in Base64 encoding. This can trigger a crash (denial of service) and might be exploitable for code execution (CVE-2017-5461) * A flaw in DRBG number generation where the internal state V does not correctly carry bits over (CVE-2017-5462) * Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker (CVE-2017-7502) |
| Additional notes | |
| CVE ID | CVE-2017-5461 CVE-2017-5462 CVE-2017-7502 |
| UCS Bug number | #44777 |
