[Swan] [Swan-announce] NSS vulnerability likely affecting libreswan

The Libreswan Project team at libreswan.org
Sun Apr 23 00:17:10 UTC 2017


Please upgrade nss to one of the recommend versions:

https://rhn.redhat.com/errata/RHSA-2017-1100.html

An out-of-bounds write flaw was found in the way NSS performed certain
Base64-decoding operations. An attacker could use this flaw to create a
specially crafted certificate which, when parsed by NSS, could cause it
to crash or execute arbitrary code, using the permissions of the user
running an application compiled against the NSS library. (CVE-2017-5461)

_______________________________________________
Swan-announce mailing list
Swan-announce at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-announce


More information about the Swan mailing list