[Swan-announce] NSS vulnerability likely affecting libreswan

The Libreswan Project team at libreswan.org
Sun Apr 23 00:17:10 UTC 2017

Please upgrade nss to one of the recommend versions:


An out-of-bounds write flaw was found in the way NSS performed certain
Base64-decoding operations. An attacker could use this flaw to create a
specially crafted certificate which, when parsed by NSS, could cause it
to crash or execute arbitrary code, using the permissions of the user
running an application compiled against the NSS library. (CVE-2017-5461)

More information about the Swan-announce mailing list