A nss security update has been released for Debian GNU/Linux 8 Extended LTS to address multiple security vulnerabilities.
ELA-256-1 nss security update
Package nss
ELA-256-1 nss security update
Version 2:3.26-1+debu8u12
Related CVE CVE-2020-6829 CVE-2020-12400 CVE-2020-12401
Multiple security vulnerabilities were fixed in nss, the Network Security Services library. The ECDSA signature generation in P-384 and P-521 was found to be vulnerable to a side channel attack in the modular inversion function implementation. The ECDSA implementation was also found to be vulnerable to a timing attack mitigation bypass.
For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u12.
We recommend that you upgrade your nss packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
