[SOLVED]Vulnerability-nss 3.72 critical-memory corruption

Need support for GhostBSD. Ask here if your question does not fit elsewhere.
Post Reply
Morty
Posts: 27
Joined: Mon Sep 20, 2021 8:22 am

[SOLVED]Vulnerability-nss 3.72 critical-memory corruption

Post by Morty »

Output from;

Code: Select all

sudo pkg audit -F
Fetching vuln.xml.xz: 100% 919 KiB 940.9kB/s 00:01
nss-3.72 is vulnerable:
NSS -- Memory corruption
CVE: CVE-2021-43527
WWW: https://vuxml.FreeBSD.org/freebsd/47695 ... 17024.html

1 problem(s) in 1 installed package(s) found.

Something i installed,perhaps? Installed 'fltk' from 'Software Station' yesterday. I think i might uninstall that.
Last edited by Morty on Sun Dec 05, 2021 9:15 am, edited 1 time in total.
nevets
Posts: 149
Joined: Tue Jun 23, 2020 3:54 am

Re: Vulnerability-nss 3.72 critical-memory corruption

Post by nevets »

More detail...
NSS 3.72
Fixed in 3.73 at https://github.com/freebsd/freebsd-port ... curity/nss
Note: This vulnerability does NOT impact Mozilla Firefox.
However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.
Steve
User avatar
ericbsd
Developer
Posts: 2052
Joined: Mon Nov 19, 2012 7:54 pm

Re: Vulnerability-nss 3.72 critical-memory corruption

Post by ericbsd »

You should report the security issues on our GitHub issue. It is more easy to follow up.
User avatar
ericbsd
Developer
Posts: 2052
Joined: Mon Nov 19, 2012 7:54 pm

Re: Vulnerability-nss 3.72 critical-memory corruption

Post by ericbsd »

I did start a build yesterday, and the update of NSS to 3.73 is coming.
Morty
Posts: 27
Joined: Mon Sep 20, 2021 8:22 am

Re: Vulnerability-nss 3.72 critical-memory corruption

Post by Morty »

ericbsd wrote: Sun Dec 05, 2021 8:52 am You should report the security issues on our GitHub issue. It is more easy to follow up.
I understand. Will do that from now on. Thank you for prompt response and being ahead of this issue for resolve. :)
Post Reply