ELA-1231-1 nss security update

multiple vulnerabilities

2024-11-09
Package: nss
Version: 2:3.26-1+debu8u19 (jessie), 2:3.26.2-1.1+deb9u8 (stretch), 2:3.42.1-1+deb10u9 (buster)
Related CVEs: CVE-2024-6602, CVE-2024-6609


Two vulnerabilities were discovered in the nss suite of packages, which include libnss3 and other tools for dealing with certificates and security standards.

CVE-2024-6602

A mismatch between allocator and deallocator could have led to memory corruption.

CVE-2024-6609

When almost out of memory, an elliptic curve key which was never allocated could have been freed again.


For Debian 10 buster, these problems have been fixed in version 2:3.42.1-1+deb10u9.

For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u19.

For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u8.

We recommend that you upgrade your nss packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.