[SECURITY] [DLA 4508-1] nss security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4508-1] nss security update
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Wed, 25 Mar 2026 21:03:19 +0530
Message-id: <[🔎] CAPP0f94iq2a=qF0OxLTuOtE5jLLLY=db3r+3sajmDjWVT4HjMg@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4508-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 25, 2026                              https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : nss
Version        : 2:3.61-1+deb11u5
CVE ID         : CVE-2026-2781

Clay Ver Valen discovered an integer overflow in the AES-GCM
implementation of the Mozilla Network Security Service libraries.

For Debian 11 bullseye, this problem has been fixed in version
2:3.61-1+deb11u5.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmnEACkACgkQgj6WdgbD
S5ayUhAAjWTuSerDZMqvHBN+BLepuDZ9ktSrrk2t+Lmb2nj2YpxTGg9riY2dKVsd
s2bh72aKoI7Yk6EwKbovT7jntqah0Tqp6de/8Pm0UPKOm3drIXZz/op8pqSlCDEH
IjjxKgy032OwWf20JnZUZ50OAxjF2bM97A1uH96l8JDzuaTep53wZ2Waiv3AMTgH
avqy69MGuKjj4L7sZrzR07m28VoapgiCPrcw+mJUJ+J7DZdGHrtKbCykpSkgKejZ
wAeZX3rSqeJHN2YmxiHmZowb0yNJb7/QRQzpJSK9z7sDhvzAnaLpJ7QIZVxG7Ef9
n60mCxoQoUyB01l+M65YgAUq8hYx6JXHWUfcZJoDsO5Y4hSQ0R5dWlByk06XqkUy
2+pAFFKycWy+IlwF1WSN1P6Kesids9oBVl1sJiSMPaAt7gF7/lb6q+YwPvBJnyA7
DNgE6/pCHCFLno/AgxFzpha/VWy9QKVFCXH3j9NvpONp6bqxGFjB1oBvi9KqPbRw
niHOfnnhFLdl32nItub4NrK7IoSVfI/nI00CruGGdFmTsYmOkJ6BCrrNqlEJKqos
c97cIuzh0p/IggegfIlqNRSv+M60ulTaKv7tmlueoOtNeqsS2VlgGjKTwnWtLKrU
FF4ch8LUl2jAfOFAgd4wlbaCF/2urpQY5YzJcY2Ht7JVrnvLQgw=
=wGSy
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4507-1] vlc security update
Next by Date: [SECURITY] [DLA 4509-1] awstats security update
Previous by thread: [SECURITY] [DLA 4507-1] vlc security update
Next by thread: [SECURITY] [DLA 4509-1] awstats security update
Index(es):
- Date
- Thread