Debian Security Advisory DSA 2962-1 (nspr - Security Update) Network Vulnerability

Summary

Abhiskek Arya discovered an out of bounds write in the cvt_t() function of the NetScape Portable Runtime Library which could result in the execution of arbitrary code.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 2:4.9.2-1+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 2:4.10.6-1. We recommend that you upgrade your nspr packages.

Affected

nspr on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2962.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1545

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 096-1 (mutt)
Debian Security Advisory DSA 1044-1 (mozilla-firefox)
Debian Security Advisory DSA 072-1 (groff)
Debian Security Advisory DSA 1072-1 (nagios)
Debian Security Advisory DSA 106-1 (rsync)

Debian Security Advisory DSA 2962-1 (nspr - security update)

Take action and discover your vulnerabilities