it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Salvatore Bonaccorso <carnil AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5353-1] nss security update
- Date: Fri, 17 Feb 2023 22:31:35 +0000
- Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/E1pT9GR-000c9K-8g AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=1/QSDZ5ZarwEd6MgyusWJ/WIfJNtYM6Lm1b944YQXZU=; b=DO vluWr4CQzHDL/LQljwZVdYtigJtyYzIJmDlrtAtivyxrYGVEiuUIZTcZuBd78ZUo+eJATBAOLywIR ydySJMD5o4J3QYdzL7XZC2qGmms5rGM7cL8eynWbkKBOIl6B+r/mxK8I21AHmLBQWEwVgSX8FkIp4 /vllZytD6uqTMzLdsXTRzt/IbG0ppRPZzKwbV2Ko4wMPE0DeJ+yFUAQYnW+wCtoctatSDMeit5cet DkTk86nRcioVdcwi52k+OHfGSBe91WAGYlUcGwPZpfyFGaX5nbnNtYc19O0E9fshMTOB0ARi2Xuaf qNII/fjnjxFd6Zc1ueWiPmazn1eTkkuA==;
- Old-return-path: <carnil AT seger.debian.org>
- Priority: urgent
- Resent-date: Fri, 17 Feb 2023 22:31:59 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <1h8yOKRuStP.A.UZB.fBA8jB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5353-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 17, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : nss
CVE ID : CVE-2023-0767
Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag
attributes in nss, the Mozilla Network Security Service library, may
result in execution of arbitrary code if a specially crafted PKCS 12
certificate bundle is processed.
For the stable distribution (bullseye), this problem has been fixed in
version 2:3.61-1+deb11u3.
We recommend that you upgrade your nss packages.
For the detailed security status of nss please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/nss
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPwAAtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T2Sg//YKb+mHZd+tE0RgsTWA2XNo6kbSpnKg5R6FG/n0k9to08fXre6HWG2/E6
qEZFeOC7Hx0V1gG/N1YBsb97jiodlDrzU8rVissAxhF4xQ5157goz9Ssdjce2VMZ
QcVIM5LF5Vc6hqp/3Ti01tVRxPCFTKfHZcb9p2Jw8BerKwvSecgzDAi8Qn4jY80p
y1CAwp2j8/4bFK3dI/i1Bk+VKDXniLy6l81W3AefjHTIg8scNRyQqgj9xI5t6e5C
qheax+RfatcFNP6KvxRH2c1gQSeZ0IjD70awrtRPbpzscAYgM+iqb4NOgR7Qq3vh
UPEV4t3zdfpXM11MGJlsUDcTl2KFOQygik5VWBi5ufCpeJunWuweoIIJ4PdD+a0Q
g8Oc/nSk4XF8yMg9j5SHCVNpw+yE8v4+SCaNOJXDgIaSiu/wXOTHjfZfumLmj5Dj
SMk8wZ7hUdyJDK92oghpdBG7/ZlERwiDJGBA1aH9KhbFmdtNzGg/nrw1NNk0RF4X
6h2MZiP89hJP3nx7c/EXchhkyGeSTfcctoTHrcj8j09dXdnMZQ8ooYrOoaDALmBF
VGKVspE5S1HhjkbJNngclan/G+V01Fop+WeIHD7Mdzeh02hrIhqHEBFK+MFpsaJP
6GV7jWyKmzdi7wNpf9BmE89UQSBlrbbfERK+JqFv8bLRrsXxdW8=
=l7TH
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5353-1] nss security update, Salvatore Bonaccorso, 17.02.2023
Archiv bereitgestellt durch MHonArc 2.6.24.