Multiple vulnerabilities (CVE-2026-6766, CVE-2026-6767, CVE-2026-6772) in the NSS cryptographic libraries could lead to denial of service or arbitrary code execution. The CVSS scores range from Medium (5.3) to High (7.5). For Debian stable (trixie), these issues are fixed in nss version 2:3.110-1+deb13u2.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6290-1] nss security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6290-1] nss security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Thu, 21 May 2026 20:39:11 +0000 Message-id: <[🔎] ag9tb74HMfhQWkDH@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6290-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nss CVE ID : CVE-2026-6766 CVE-2026-6767 CVE-2026-6772 Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in or denial of service or potentially the execution of arbitrary code. For the stable distribution (trixie), these problems have been fixed in version 2:3.110-1+deb13u2. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoPbO0ACgkQEMKTtsN8 TjYEVhAAm78ETFzhkqAS43GTmVJt6GE5ygsDXYNH7kfPYJER3P3yaBnsq8MuH0GQ EOqcWWNr+QIVhzJ0DvY+Ho4Fh1xNaY1utpinhVVdKmkLV/v2wvsY/nQZ6lfOvXcK uVKdaLdqpVVjWXXx5FALG8c9ZokvceKXoLuw/c+jdIW6pYS0vNkEP/FlWwatvY0R Ld/zrmR2jNYfw7MAm2/jUIYAc5klxSmTaE3vEXEhKRiVC5ozp8dm2C/R+tS3qm3P l2/jXPluaXhMVqGJtHk8Ow+QF4B95TDnEf6NPo8uf2daj/2Z9A5Zdq8a1B4zTr62 WVCWzMqk9pZl9ThdIvryfTkWymXYn8oWLZNDtKyQg7igcFptC/O2vSYscM12T1iJ mD+InkJX4wnk4AdEQDr4RfjGubMY7twWjX3n98UEJ3WP65hysdcc98hzN9JX/T4T IeY5+JX9+Vq5XG39y19PdZjawDmhPF4Lpegnwnjb8mIqc4/4Z+EclSPflJulVHP9 hY3akHwXtPPylPaPz4NAV/ucATSAhz6bwiSVpYH/mC2lYKi3G4+Vo58xEVtyTX2B 9UE5WaD+XDO3GwEnB/k96aCfjfYnP6/GKnY7xl5yYlESI1HD0N6Unq9cZxndGhww PkkXhPFJTXOFMtEHIPvBmqbZDT/ykxiKSpX6V1Ik7CAran/U6Dc= =x+l6 -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6289-1] openvpn security update Previous by thread: [SECURITY] [DSA 6289-1] openvpn security update Index(es): Date Thread