[SECURITY] [DLA 3937-1] nss security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3937-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Arturo Borrero Gonzalez
October 27, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : nss
Version : 2:3.61-1+deb11u4
CVE ID : CVE-2024-0743 CVE-2024-6602 CVE-2024-6609
nss - Network Security Service libraries

This is a set of libraries designed to support cross-platform development
of security-enabled client and server applications. It can support SSLv2
and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
other security standards.

Among other utilities, this package includes:

  * certutil: manages certificate and key databases (cert7.db and key3.db)
  * modutil: manages the database of PKCS11 modules (secmod.db)
  * pk12util: imports/exports keys and certificates between the cert/key
    databases and files in PKCS12 format.
  * shlibsign: creates .chk files for use in FIPS mode.
  * signtool: creates digitally-signed jar archives containing files and/or
    code.
  * ssltap: proxy requests for an SSL server and display the contents of
    the messages exchanged between the client and server.
CVE-2024-0743

    An unchecked return value in TLS handshake code could have caused
    a potentially exploitable crash.

CVE-2024-6602

    A mismatch between allocator and deallocator could have led to
    memory corruption.

CVE-2024-6609

    When almost out of memory, an elliptic curve key which was never
    allocated could have been freed again.
For Debian 11 bullseye, these problems have been fixed in version
2:3.61-1+deb11u4.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
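To check an inventory of installed nss versions against the fixed version named in this advisory, the comparison has to follow Debian's version ordering (epoch, upstream version, revision) rather than plain string order. The following is an added example, not part of the advisory or of Debian's tooling; the hostnames and installed versions are constructed, and on a live host `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

FIXED = "2:3.61-1+deb11u4"  # fixed version for Debian 11 bullseye, from the advisory

def _order(ch):
    # Debian ordering: '~' sorts before everything (even end of string),
    # letters sort before all other non-digit characters.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_text(x, y):
    for k in range(max(len(x), len(y))):
        ox = _order(x[k]) if k < len(x) else 0
        oy = _order(y[k]) if k < len(y) else 0
        if ox != oy:
            return -1 if ox < oy else 1
    return 0

def _cmp_fragment(a, b):
    # Walk alternating (non-digit, digit) runs; digit runs compare numerically.
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (ta, da), (tb, db) in runs:
        na, nb = int(da or 0), int(db or 0)
        c = _cmp_text(ta, tb) or (na > nb) - (na < nb)
        if c:
            return c
    return 0

def parse(version):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = parse(a), parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def needs_upgrade(installed, fixed=FIXED):
    return compare(installed, fixed) < 0

# Constructed inventory: hostnames and installed versions are made up.
INVENTORY = {"web01": "2:3.61-1+deb11u3", "web02": "2:3.61-1+deb11u4",
             "db01": "2:3.61-1+deb11u10", "build01": "3.99-1", "old01": "2:3.61-1"}

def triage(inventory=INVENTORY):
    return sorted(h for h, v in inventory.items() if needs_upgrade(v))
```

The constructed `build01` entry is flagged despite its higher upstream number because it lacks the `2:` epoch, and `db01` (`u10`) is not flagged even though it sorts below `u4` as a plain string.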