Debian DLA-971-1 : nss security update
Medium Nessus Plugin ID 100559
SynopsisThe remote Debian host is missing a security update.
A NULL pointer dereference vulnerability in NSS was found when server receives empty SSLv2 messages. This issue was introduced with the recent removal of SSLv2 protocol from upstream code in 3.24.0 and introduction of dedicated parser able to handle just sslv2-style hello messages.
For Debian 7 'Wheezy', this problem has been fixed in version 2:3.26-1+debu7u4.
We recommend that you upgrade your nss packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.