[SECURITY] [DLA 3327-1] nss security update

To: debian-lts-announce <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3327-1] nss security update
From: Markus Koschany <apo@debian.org>
Date: Mon, 20 Feb 2023 16:16:03 +0100
Message-id: <[🔎] 95fb8713a1cc888ee821a1118d68f6ae8252e696.camel@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3327-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Markus Koschany
February 20, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : nss
Version        : 2:3.42.1-1+deb10u6
CVE ID         : CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12403 
                 CVE-2023-0767

Multiple security vulnerabilities have been discovered in nss, the Network
Security Service libraries. 

CVE-2020-6829

    When performing EC scalar point multiplication, the wNAF point
    multiplication algorithm was used; which leaked partial information about
    the nonce used during signature generation. Given an electro-magnetic trace
    of a few signature generations, the private key could have been computed.

CVE-2020-12400

    When converting coordinates from projective to affine, the modular
    inversion was not performed in constant time, resulting in a possible
    timing-based side channel attack.

CVE-2020-12401

    During ECDSA signature generation, padding applied in the nonce designed to
    ensure constant-time scalar multiplication was removed, resulting in
    variable-time execution dependent on secret data.

CVE-2020-12403

    A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS.
    When using multi-part Chacha20, it could cause out-of-bounds reads.
    This issue was fixed by explicitly disabling multi-part ChaCha20 
    (which was not functioning correctly) and strictly enforcing tag length.

CVE-2023-0767

    Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag
    attributes may result in execution of arbitrary code if a specially crafted
    PKCS 12 certificate bundle is processed.

For Debian 10 buster, these problems have been fixed in version
2:3.42.1-1+deb10u6.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: [SECURITY] [DLA 3326-1] isc-dhcp update
Next by Date: [SECURITY] [DLA 3328-1] clamav security update
Previous by thread: [SECURITY] [DLA 3326-1] isc-dhcp update
Next by thread: [SECURITY] [DLA 3328-1] clamav security update
Index(es):
- Date
- Thread