-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6149-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 26, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : nss CVE ID : CVE-2026-2781 Clay Ver Valen discovered an integer overflow in the AES-GCM implementation of the Mozilla Network Security Service libraries. For the oldstable distribution (bookworm), this problem has been fixed in version 2:3.87.1-1+deb12u2. For the stable distribution (trixie), this problem has been fixed in version 2:3.110-1+deb13u1. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmmgojEACgkQEMKTtsN8 TjZxRxAAgXiWw4hD/GtD9etP4JzWzH7PmklxQvGMFF2cZXJtgN5ofCzt7jUeYhkj 85W6d8sHnmizjcifEnjpMdSDXqb46hPR8A1WKfDFeULRftDg8aA23fSqWvegOVvo h2W4jcBAt4zBasUoFpmh3Nb4gJ7rOsYB1PzqCGCT51duKNU3f/DP//AqC+S7gPfK 15ScmICxO0Gt0peHyZnAuGjlSjjT5EgElp5JXVNlR5eiPbZUBGwKkWrD7ReRSK0Y n9dkLURywuqV4R5HkM6q7Lf54t4wpGfn8MM8JQl6J53SsiWWEM8BlAH/ygTz/ZuH o7X4llQHzderjP/jv6habhx06iRCkLloWzPi+LV8QLky8KT+LGrg9cI7V/tmeY38 K1anEXYRorJV+0OMr268LXENwrQm1rlx+YwUxAOzXjKT0093LIP9pPUgoB9hpVE8 couekLPzUkG40q8LmopH8ckPB7grIgPYlUf/0oXaFDpDAcfLz0rgxqFgXZYdqMs7 Akm/dkYXCkBtpBXfYZO9TC7CM/YjkmpUoaFPn5p9XZ7KhXGa/5xvnN+Q/d+1tAlU 2+Qj3nbVAtWpR5KPVkuv23gPlsSusE+7jRdja/BX/cmAo2itr/7EAb8gE3sm923d FWX12i7PyTfdUblfJozjLpBlpTdLsCrdGTSMsQVqv8hUsdNicTQ= =sFCb -----END PGP SIGNATURE-----
