Package | nss |
---|---|
Version | 2:3.26-1+debu8u18 (jessie), 2:3.26.2-1.1+deb9u7 (stretch) |
Related CVEs | CVE-2023-4421 CVE-2023-5388 CVE-2024-0743 |
Multiple vulnerabilities were found in nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications.
CVE-2023-4421
A fuzzing project discovered that NSS's facilities for RSA cryptography
were vulnerable to Bleichenbacher timing attacks.
CVE-2023-5388
A timing attack against RSA decryption in TLS. This vulnerability has been
named the Marvin Attack, a Bleichenbacher-like vulnerability.
CVE-2024-0743
An unchecked return value in TLS handshake code could have caused a
potentially exploitable crash.
For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u18.
For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u7.
We recommend that you upgrade your nss packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.