| Package | nss |
|---|---|
| Version | 2:3.26-1+debu8u12 |
| Related CVEs | CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 |
Multiple security vulnerabilities were fixed in nss, the Network Security Services library. The ECDSA signature generation in P-384 and P-521 was found to be vulnerable to a side channel attack in the modular inversion function implementation. The ECDSA implementation was also found to be vulnerable to a timing attack mitigation bypass.
For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u12.
We recommend that you upgrade your nss packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.