Errata overview
Errata ID 438
Date 2017-07-05
Source package nss
Fixed in version 2:3.26-1+debu7u4.35.201706011823
This update addresses the following issues:
* existing mitigation of timing side-channel attacks insufficient
* Out-of-bounds write in Base64 encoding. This can trigger a crash
  (denial of service) and might be exploitable for code execution
* A flaw in DRBG number generation where the internal state V
  does not correctly carry bits over (CVE-2017-5462)
* Null pointer dereference vulnerability in NSS since 3.24.0 was found when
  server receives empty SSLv2 messages resulting into denial of service by
  remote attacker (CVE-2017-7502)
Additional notes
CVE ID CVE-2016-9074
UCS Bug number #42858