ELA-1054-1 nss security update

Version2:3.26-1+debu8u18 (jessie), 2:3.26.2-1.1+deb9u7 (stretch)
Related CVEs CVE-2023-4421 CVE-2023-5388 CVE-2024-0743

Multiple vulnerabilities were found in nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications.


A fuzzing project discovered vulnerabilities to Bleichenbacher
timing attacks in NSS's facilities for RSA cryptography.


A timing attack against RSA decryption in TLS. This vulnerablity has been
named The MArvin Attack a Bleichenbacher-like vulernability.


An unchecked return value in TLS handshake code could have caused a
potentially exploitable crash.

For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u18.

For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u7.

We recommend that you upgrade your nss packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.