Security News

Cybersecurity news aggregator

HIGH Vulnerabilities Ubuntu Security

USN-8071-2: NSS vulnerability

A critical memory handling flaw (CVE-2026-2781, CVSS 9.8) in the NSS library during GHASH operations allows remote attackers to cause a denial of service or execute arbitrary code via crafted network traffic. The vulnerability affects Mozilla Firefox versions prior to 140.8.0 and 148.0, as well as Thunderbird versions prior to 140.8.0 and 148.0. A fix is available by updating the affected Ubuntu LTS systems to the specified `libnss3` package versions provided in the security notice.

Ubuntu Security Notices

USN-8071-2: NSS vulnerability

Publication date: 5 March 2026

Overview

NSS could be made to crash or run programs if it received specially crafted network traffic.

Releases: 20.04 LTS, 18.04 LTS, 16.04 LTS, 14.04 LTS

Packages

nss - Network Security Service library

Details

USN-8071-1 fixed a vulnerability in nss. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

In general, a standard system update will make all the necessary changes. The problem can be corrected by updating your system to the following package versions:

| Ubuntu Release | Package | Version | Availability |
|---|---|---|---|
| 20.04 LTS focal | libnss3 | 2:3.98-0ubuntu0.20.04.2+esm1 | Fix available with Ubuntu Pro |
| 18.04 LTS bionic | libnss3 | 2:3.35-2ubuntu2.16+esm1 | Fix available with Ubuntu Pro |
| 16.04 LTS xenial | libnss3 | 2:3.28.4-0ubuntu0.16.04.14+esm5 | Fix available with Ubuntu Pro |
| 14.04 LTS trusty | libnss3 | 2:3.28.4-0ubuntu0.14.04.5+esm13 | Fix available with Ubuntu Pro via Legacy Support add-on |
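An added example, not part of the Ubuntu notice: a Python check that flags hosts whose installed `libnss3` is older than the fixed version listed above for their release, using Debian version ordering. The inventory format, hostnames and installed versions are constructed; on a real host the installed version comes from `dpkg-query -W -f='${Version}' libnss3` and the codename from `lsb_release -cs`.

```python
import re

# Fixed libnss3 versions per release, copied from the notice's package versions.
FIXED = {
    "focal": "2:3.98-0ubuntu0.20.04.2+esm1",
    "bionic": "2:3.35-2ubuntu2.16+esm1",
    "xenial": "2:3.28.4-0ubuntu0.16.04.14+esm5",
    "trusty": "2:3.28.4-0ubuntu0.14.04.5+esm13",
}
_RUN = re.compile(r"(\D*)(\d*)(.*)")  # one non-digit run, one digit run, the rest

def _order(c):
    # Debian character order: '~' lowest, then end of string, letters, other symbols.
    if c in ("", "~"):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk both strings run by run; digit runs compare as integers ("esm9" < "esm13").
    while a or b:
        (na, da, a), (nb, db, b) = _RUN.match(a).groups(), _RUN.match(b).groups()
        for k in range(max(len(na), len(nb))):
            oa, ob = _order(na[k:k + 1]), _order(nb[k:k + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def deb_cmp(a, b):
    # -1, 0 or 1 for Debian versions of the form [epoch:]upstream[-revision].
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    # Lines are "host codename libnss3-version"; releases outside this notice are skipped.
    rows = (line.split() for line in inventory.strip().splitlines())
    return [h for h, rel, ver in rows if rel in FIXED and deb_cmp(ver, FIXED[rel]) < 0]
# Constructed inventory: hostnames and installed versions are made up for the example.
SAMPLE = """web01 focal 2:3.98-0ubuntu0.20.04.2
web02 focal 2:3.98-0ubuntu0.20.04.2+esm1
db01 xenial 2:3.28.4-0ubuntu0.16.04.14+esm4
old01 trusty 2:3.28.4-0ubuntu0.14.04.5+esm9"""
```

Calling `unpatched(SAMPLE)` returns the hosts that still need the update. On a single host, `dpkg --compare-versions` with the `lt` operator performs the same comparison.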
References

CVE-2026-2781

Related notices

USN-8071-1
