LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

nss: denial of service

Package(s):nss CVE #(s):CVE-2012-0441
Created:June 8, 2012 Updated:August 21, 2012
Description:

From the Debian advisory:

Kaspar Brand discovered that Mozilla's Network Security Services (NSS) library did insufficient length checking in the QuickDER decoder, allowing to crash a program using the library.

For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze5.

For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 2:3.13.4-3.

Alerts:
Debian DSA-2490-1 2012-06-07
Mandriva MDVSA-2012:088 2012-06-09
SUSE SUSE-SU-2012:0746-1 2012-06-15
openSUSE openSUSE-SU-2012:0760-1 2012-06-19
Ubuntu USN-1463-3 2012-06-20
Ubuntu USN-1463-4 2012-06-22
Mandriva MDVSA-2012:088-1 2012-06-23
Ubuntu USN-1463-5 2012-06-26
Ubuntu USN-1463-6 2012-06-26
Red Hat RHSA-2012:1090-01 2012-07-17
Red Hat RHSA-2012:1091-01 2012-07-17
CentOS CESA-2012:1091 2012-07-18
CentOS CESA-2012:1090 2012-07-17
Scientific Linux SL-nss-20120718 2012-07-18
Scientific Linux SL-nss-20120718 2012-07-18
Oracle ELSA-2012-1090 2012-07-18
Oracle ELSA-2012-1091 2012-07-18
Ubuntu USN-1540-1 2012-08-16
Ubuntu USN-1540-2 2012-08-21
Gentoo 201301-01 2013-01-07
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds