CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
89.9%
Package : nss
Version : 3.12.8-1+squeeze11
CVE ID : CVE-2011-3389 CVE-2014-1569
Debian Bug : 773625
nss 3.12.8-1+squeeze11 fixes two security issues:
CVE-2011-3389
SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen
plaintext attacks which allowed man-in-the middle attackers to obtain
plaintext HTTP headers on an HTTPS session. This issue is known as
the "BEAST" attack.
CVE-2014-1569
Possible information leak with too-permissive ASN.1 DER decoding of
length.
–
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | amd64 | libnss3-1d | < 2:3.14.5-1+deb7u4 | libnss3-1d_2:3.14.5-1+deb7u4_amd64.deb |
Debian | 7 | amd64 | libnss3-dbg | < 2:3.14.5-1+deb7u4 | libnss3-dbg_2:3.14.5-1+deb7u4_amd64.deb |
Debian | 7 | s390x | libnss3-dbg | < 2:3.14.5-1+deb7u4 | libnss3-dbg_2:3.14.5-1+deb7u4_s390x.deb |
Debian | 7 | armhf | libnss3-1d | < 2:3.14.5-1+deb7u4 | libnss3-1d_2:3.14.5-1+deb7u4_armhf.deb |
Debian | 7 | mipsel | libnss3-1d | < 2:3.14.5-1+deb7u4 | libnss3-1d_2:3.14.5-1+deb7u4_mipsel.deb |
Debian | 7 | powerpc | libnss3-dev | < 2:3.14.5-1+deb7u4 | libnss3-dev_2:3.14.5-1+deb7u4_powerpc.deb |
Debian | 7 | s390 | libnss3-dev | < 2:3.14.5-1+deb7u4 | libnss3-dev_2:3.14.5-1+deb7u4_s390.deb |
Debian | 7 | armel | libnss3-dbg | < 2:3.14.5-1+deb7u4 | libnss3-dbg_2:3.14.5-1+deb7u4_armel.deb |
Debian | 7 | sparc | libnss3-tools | < 2:3.14.5-1+deb7u4 | libnss3-tools_2:3.14.5-1+deb7u4_sparc.deb |
Debian | 7 | sparc | libnss3-dev | < 2:3.14.5-1+deb7u4 | libnss3-dev_2:3.14.5-1+deb7u4_sparc.deb |