{"id":"MGASA-2021-0534","summary":"Updated nss packages fix security vulnerability","details":"NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are\nvulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS\nsignatures. Applications using NSS for handling signatures encoded within\nCMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications\nusing NSS for certificate validation or other TLS, X.509, OCSP or CRL\nfunctionality may be impacted, depending on how they configure NSS\n(CVE-2021-43527).\n\nNote: This vulnerability does NOT impact Mozilla Firefox. However, email\nclients and PDF viewers that use NSS for signature verification, such as\nThunderbird, LibreOffice, Evolution and Evince are believed to be impacted.\n","modified":"2026-02-04T04:35:10.291603Z","published":"2021-12-02T16:49:28Z","related":["CVE-2021-43527"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0534.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29714"},{"type":"REPORT","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/"}],"affected":[{"package":{"name":"nss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.73.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0534.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}