|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for nss (DLA-2388-1)|
|Summary:||The remote host is missing an update for the 'nss' package(s) announced via the DLA-2388-1 advisory.|
Various vulnerabilities were fixed in nss, the Network Security Service libraries.
Cache side-channel variant of the Bleichenbacher attack.
NULL pointer dereference in several CMS functions resulting in a denial of service.
Out-of-bounds read when importing curve25519 private key.
Empty or malformed p256-ECDH public keys may trigger a segmentation
Out-of-bounds write when encrypting with a block cipher.
Some cryptographic primitives did not check the length of the input text, potentially resulting in overflows.
Handling of Netscape Certificate Sequences may crash with a NULL dereference leading to a denial of service.
Force a fixed length for DSA exponentiation.
Side channel attack on ECDSA signature generation.
ECDSA timing attack mitigation bypass.
Side channel vulnerabilities during RSA key generation.
CHACHA20-POLY1305 decryption with undersized tag leads to
'nss' package(s) on Debian Linux.
For Debian 9 stretch, these problems have been fixed in version
We recommend that you upgrade your nss packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-6829
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|