Debian Bug report logs - #539934
CVE-2009-2408, CVE-2009-2404, NSS multiple vulnerabilities
Package: nss;
Maintainer for nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>;
Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Tue, 4 Aug 2009 15:03:02 UTC
Severity: serious
Tag ...
Synopsis
Critical: nspr and nss security and bug fix update
Type/Severity
Security Advisory: Critical
Topic
Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact ...
Synopsis
Critical: nspr and nss security, bug fix, and enhancement update
Type/Severity
Security Advisory: Critical
Topic
Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical securit ...
Synopsis
Critical: nspr and nss security and bug fix update
Type/Severity
Security Advisory: Critical
Topic
Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Re ...
Synopsis
Critical: seamonkey security update
Type/Severity
Security Advisory: Critical
Topic
Updated seamonkey packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team.
Descr ...
USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that
the new libraries on amd64 did not correctly set stack memory flags,
and caused applications using NSS (e.g. Firefox) to have an executable
stack. This reduced the effectiveness of some defensive security
protections. This update fixes the problem. ...
USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS. ...
Moxie Marlinspike discovered that NSS did not properly handle regular
expressions in certificate names. A remote attacker could create a
specially crafted certificate to cause a denial of service (via application
crash) or execute arbitrary code as the user invoking the program
(CVE-2009-2404). ...
Several vulnerabilities have been discovered in the Network Security
Service libraries. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2404
Moxie Marlinspike discovered that a buffer overflow in the regular
expression parser could lead to the execution of arbitrary code.
CVE-2009-2408
Dan Kami ...
Several remote vulnerabilities have been discovered in the Icedove
mail client, an unbranded version of the Thunderbird mail client. The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-2408
Dan Kaminsky and Moxie Marlinspike discovered that icedove does not
properly handle a '\0' character in a domain name ...
Mozilla Foundation Security Advisory 2009-43
Heap overflow in certificate regexp parsing
Announced
August 1, 2009
Reporter
Moxie Marlinspike
Impact
Critical
Products
Firefox, NSS, SeaMonkey, Thunderbird
Fixed in
...