| Package | nss |
|---|---|
| Version | 3.26.2-1.1+deb9u9 (stretch), 2:3.42.1-1+deb10u10 (buster) |
| Related CVEs | CVE-2026-2781 |
Clay Ver Valen discovered an integer overflow in the AES-GCM implementation of the Mozilla Network Security Service libraries.
For Debian 10 buster, these problems have been fixed in version 2:3.42.1-1+deb10u10.
For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u9.
We recommend that you upgrade your nss packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.