Debian Security Advisory DSA 2820-1 (nspr - Integer Overflow) Network Vulnerability

Summary

It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems.

Solution

For the oldstable distribution (squeeze), this problem has been fixed in version 4.8.6-1+squeeze1. For the stable distribution (wheezy), this problem has been fixed in version 2:4.9.2-1+deb7u1. For the testing distribution (jessie), and the unstable distribution (sid), this problem has been fixed in version 2:4.10.2-1. We recommend that you upgrade your nspr packages.

Affected

nspr on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2013/dsa-2820.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5607

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1009-1 (crossfire)
Debian Security Advisory DSA 1082-1 (kernel-2.4.17)
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
Debian Security Advisory DSA 002-1 (fsh)
Debian Security Advisory DSA 040-1 (slrn)

Debian Security Advisory DSA 2820-1 (nspr - integer overflow)

Take action and discover your vulnerabilities