blob: 7a9585c295fa3b39ed729e09d1f5ece9dd785fa8 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
#use wml::debian::translation-check translation="9ee1811408c17449678cf76df63e03b10fb35bd8" mindelta="1"
<define-tag description>sikkerhedsopdatering</define-tag>
<define-tag moreinfo>
<p>Flere sårbarheder have been discovered in nss, the Mozilla Network
Security Service library:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-1741">CVE-2013-1741</a>
<p>Runaway memset in certificate parsing on 64-bit computers leading to
a crash by attempting to write 4Gb of nulls.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2013-5606">CVE-2013-5606</a>
<p>Certificate validation with the verifylog mode did not return
validation errors, but instead expected applications to determine
the status by looking at the log.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-1491">CVE-2014-1491</a>
<p>Ticket handling protection mechanisms bypass due to the lack of
restriction of public values in Diffie-Hellman key exchanges.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2014-1492">CVE-2014-1492</a>
<p>Incorrect IDNA domain name matching for wildcard certificates could
allow specially-crafted invalid certificates to be considered as
valid.</p></li>
</ul>
<p>I den stabile distribution (wheezy), er disse problemer rettet i
version 2:3.14.5-1+deb7u1.</p>
<p>For the distributionen testing (jessie), and the ustabile distribution (sid),
er disse problemer rettet i version 2:3.16-1.</p>
<p>Vi anbefaler at du opgraderer dine nss-pakker.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2014/dsa-2994.data"
|