The following security-relevant bugs have been resolved in NSPR 4.10.10.
Users are encouraged to upgrade immediately.
- Bug 1205157 (CVE-2015-7183)
A logic bug in the handling of large allocations would allow
exceptionally large allocations to be reported as successful, without
actually allocating the requested memory. This may allow attackers to
bypass security checks and obtain control of arbitrary memory.
This issue affects applications that were compiled with or linked
against an affected NSPR version; to resolve this issue, affected
applications must be recompiled with a non-affected NSPR version.
NSPR 4.10.10 has the following additional bug fixes:
- Bug 1199867: Fixed a regression that broke 32-bits mips w/ glibc