[arch-security] [ASA-201511-4] nspr: arbitrary code execution
Arch Linux Security Advisory ASA-201511-4
=========================================

Severity: Critical
Date    : 2015-11-06
CVE-ID  : CVE-2015-7183
Package : nspr
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package nspr before version 4.10.10-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 4.10.10-1.

# pacman -Syu "nspr>=4.10.10-1"

The problem has been fixed upstream in version 4.10.10.

Workaround
==========

None.

Description
===========

A logic bug in the handling of large allocations would allow
exceptionally large allocations to be reported as successful, without
actually allocating the requested memory. This may allow attackers to
bypass security checks and obtain control of arbitrary memory.

Impact
======

A remote attacker can execute arbitrary code on the affected host.

References
==========

http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html
https://access.redhat.com/security/cve/CVE-2015-7183
participants (1)
-
Remi Gacogne
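
A simplified model of the failure the Description section names, added here as an illustration: a bounds check that reports an oversized request as successful, next to a hardened form. It is not NSPR's code and the advisory does not spell out the mechanism; it assumes an unsigned wrap-around in an arena bounds check, and `arena_t`, `arena_alloc_flawed` and `arena_alloc_checked` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy bump allocator over a fixed buffer (hypothetical; not NSPR code). */
typedef struct {
    uintptr_t avail; /* address of the next free byte */
    uintptr_t limit; /* one past the last usable byte */
} arena_t;

static unsigned char backing[256];

void arena_init(arena_t *a) {
    a->avail = (uintptr_t)backing;
    a->limit = a->avail + sizeof backing;
}

/* Flawed check (assumed mechanism): avail + nb wraps around for a huge
 * nb, lands below limit, and the request is reported as successful. */
void *arena_alloc_flawed(arena_t *a, size_t nb) {
    uintptr_t p = a->avail;
    uintptr_t q = p + nb;            /* unsigned wrap-around, no error */
    if (q > a->limit)
        return NULL;
    a->avail = q;                    /* now points outside the buffer */
    return (void *)p;
}

/* Hardened check: compare the request with the space that is left,
 * so no sum is formed that could wrap. */
void *arena_alloc_checked(arena_t *a, size_t nb) {
    uintptr_t p = a->avail;
    if (nb > (size_t)(a->limit - p))
        return NULL;
    a->avail = p + nb;
    return (void *)p;
}

int main(void) {
    arena_t a;
    size_t huge = SIZE_MAX - 15;     /* constructed oversized request */
    arena_init(&a);
    printf("flawed : %s\n", arena_alloc_flawed(&a, huge) ? "success" : "NULL");
    arena_init(&a);
    printf("checked: %s\n", arena_alloc_checked(&a, huge) ? "success" : "NULL");
    return 0;
}
```

A caller that trusts the non-NULL return from the flawed version believes it owns far more memory than the 256-byte buffer holds, which is why the hardened version rejects the request before any address arithmetic is done.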