ELA-802-1 nss security update

execution of arbitrary code

2023-02-21
Package: nss
Version: 2:3.26-1+debu8u17 (jessie), 2:3.26.2-1.1+deb9u6 (stretch)
Related CVEs: CVE-2023-0767


Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag attributes in nss, the Mozilla Network Security Service library, may result in execution of arbitrary code if a specially crafted PKCS 12 certificate bundle is processed.



For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u17.

For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u6.

We recommend that you upgrade your nss packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.