[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ MDVSA-2009:197 ] nss
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2009:197 ] nss
- From: security@xxxxxxxxxxxx
- Date: Tue, 01 Sep 2009 21:32:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:197
http://www.mandriva.com/security/
_______________________________________________________________________
Package : nss
Date : August 7, 2009
Affected: 2008.1
_______________________________________________________________________
Problem Description:
Security issues in nss prior to 3.12.3 could lead to a
man-in-the-middle attack via a spoofed X.509 certificate
(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
cause a denial-of-service and possible code execution via a long
domain name in X.509 certificate (CVE-2009-2404).
This update provides the latest versions of NSS and NSPR libraries
which are not vulnerable to those attacks.
Update:
This update also provides fixed packages for Mandriva Linux 2008.1
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
9228daed5355d9175cbd25faf90a1323
2008.1/i586/libnspr4-4.7.5-0.1mdv2008.1.i586.rpm
58c5ec5d221d0013254d144272162ece
2008.1/i586/libnspr-devel-4.7.5-0.1mdv2008.1.i586.rpm
910b4ddc4285154103c7fd251feac41e
2008.1/i586/libnss3-3.12.3.1-0.1mdv2008.1.i586.rpm
1ef05d27d0d04facfcbf1f13cc84c166
2008.1/i586/libnss-devel-3.12.3.1-0.1mdv2008.1.i586.rpm
1add6ba2355ec0a0571407571f02226e
2008.1/i586/libnss-static-devel-3.12.3.1-0.1mdv2008.1.i586.rpm
18de04c0e62a1e09800b25f045de726e
2008.1/i586/nss-3.12.3.1-0.1mdv2008.1.i586.rpm
daa825f74749ae4e255e7783eb590b90 2008.1/SRPMS/nspr-4.7.5-0.1mdv2008.1.src.rpm
0d17f86fabf84c9ae04f7e520bc0a679
2008.1/SRPMS/nss-3.12.3.1-0.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
58d390af357253669d802b948adcd728
2008.1/x86_64/lib64nspr4-4.7.5-0.1mdv2008.1.x86_64.rpm
81b4060266dc9451903c1ba359b49ebe
2008.1/x86_64/lib64nspr-devel-4.7.5-0.1mdv2008.1.x86_64.rpm
ddb36ba3de5f39010481bc71c8c6b6f1
2008.1/x86_64/lib64nss3-3.12.3.1-0.1mdv2008.1.x86_64.rpm
404e5c1d07c1838c7cfcc03d4ca0d94a
2008.1/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2008.1.x86_64.rpm
ad4bd40e77dd746fe9cddfb4c34d2f62
2008.1/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2008.1.x86_64.rpm
cbad5d086771ecd927edd51eda1fd36c
2008.1/x86_64/nss-3.12.3.1-0.1mdv2008.1.x86_64.rpm
daa825f74749ae4e255e7783eb590b90 2008.1/SRPMS/nspr-4.7.5-0.1mdv2008.1.src.rpm
0d17f86fabf84c9ae04f7e520bc0a679
2008.1/SRPMS/nss-3.12.3.1-0.1mdv2008.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKnUuBmqjQ0CJFipgRAo4ZAJ9NgZWnA+od3Avaz/JL0AUPsLuifwCg4Ko7
xlh7P0f6Beuzo4/4fxPw+EU=
=I1n/
-----END PGP SIGNATURE-----