[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [ MDVSA-2009:197 ] nss



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:197
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : nss
 Date    : August 7, 2009
 Affected: 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Security issues in nss prior to 3.12.3 could lead to a
 man-in-the-middle attack via a spoofed X.509 certificate
 (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
 cause a denial-of-service and possible code execution via a long
 domain name in X.509 certificate (CVE-2009-2404).
 
 This update provides the latest versions of NSS and NSPR libraries
 which are not vulnerable to those attacks.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 f1a3c79a29336f72dee81f2c2ce77079  
2009.0/i586/libnspr4-4.7.5-0.1mdv2009.0.i586.rpm
 c703c373c35f68e17e09c9b3edc60dee  
2009.0/i586/libnspr-devel-4.7.5-0.1mdv2009.0.i586.rpm
 2db7bcea1b239d1a56112fd7ba8ffb9e  
2009.0/i586/libnss3-3.12.3.1-0.1mdv2009.0.i586.rpm
 b3e4bc2a61001ac0d7e8dec04eda7d84  
2009.0/i586/libnss-devel-3.12.3.1-0.1mdv2009.0.i586.rpm
 eb7094fe1affd15a0386e61b41fcf2d9  
2009.0/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.0.i586.rpm
 e13ff7a2350c4758c3cef8d0ad22187e  
2009.0/i586/nss-3.12.3.1-0.1mdv2009.0.i586.rpm 
 c4b21c10b38d3ed7555ab4abd2294c3f  2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm
 745ed32d19b1b58b86669b77b6dc9cef  
2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 79a4f1a583f81bce7f8c62986b709220  
2009.0/x86_64/lib64nspr4-4.7.5-0.1mdv2009.0.x86_64.rpm
 11fbdd2a7ce6d93676c07102bc9e2f8e  
2009.0/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.0.x86_64.rpm
 87ed9bd3b8f6396a56fb08ea9b2d6bfc  
2009.0/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.0.x86_64.rpm
 3f63723ad79452362f0cbdcc2c864ed7  
2009.0/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm
 f425d17a91029ff65b4a9b2aa7d9f8cc  
2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm
 feba467cc0589c40ae61800cba1ab12d  
2009.0/x86_64/nss-3.12.3.1-0.1mdv2009.0.x86_64.rpm 
 c4b21c10b38d3ed7555ab4abd2294c3f  2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm
 745ed32d19b1b58b86669b77b6dc9cef  
2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 8cd8c4b87b27e0448f2560114bd83bb3  
2009.1/i586/libnspr4-4.7.5-0.1mdv2009.1.i586.rpm
 82ce975b0c3d55c09c6e5157a4627101  
2009.1/i586/libnspr-devel-4.7.5-0.1mdv2009.1.i586.rpm
 93906e880dec09678a7738bd147967d5  
2009.1/i586/libnss3-3.12.3.1-0.1mdv2009.1.i586.rpm
 1059c53a7c0bbbe57f44dd748df5f530  
2009.1/i586/libnss-devel-3.12.3.1-0.1mdv2009.1.i586.rpm
 1f2b1e8f2a8aee4d5f4a301f0f88c96b  
2009.1/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.1.i586.rpm
 45297bcc9da17bcdb6515b1ded9d0b56  
2009.1/i586/nss-3.12.3.1-0.1mdv2009.1.i586.rpm 
 6ce5146371c4f730f89205041c8747c2  2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm
 3b19dc2f4f2265516b39a194f32469ae  
2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 998b4a57be0efb4babb9b7fea094e194  
2009.1/x86_64/lib64nspr4-4.7.5-0.1mdv2009.1.x86_64.rpm
 7631098c5bd6ca484295f8240e381846  
2009.1/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.1.x86_64.rpm
 67596dbf16bd7d7472607870e81fdd5e  
2009.1/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.1.x86_64.rpm
 a306fc84ee4a87beb53bfd0927726624  
2009.1/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm
 b55efb339da1e02fc30dd12cfc481447  
2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm
 5b74be3721f34c50f694e9fcefe6a473  
2009.1/x86_64/nss-3.12.3.1-0.1mdv2009.1.x86_64.rpm 
 6ce5146371c4f730f89205041c8747c2  2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm
 3b19dc2f4f2265516b39a194f32469ae  
2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm

 Mandriva Enterprise Server 5:
 716f2bd75c87311db7f67a28de3ff280  mes5/i586/libnspr4-4.7.5-0.1mdvmes5.i586.rpm
 ded949730043e580c871f2cb5e79b0ec  
mes5/i586/libnspr-devel-4.7.5-0.1mdvmes5.i586.rpm
 40233afde79f89595e5ac5d5d82978de  
mes5/i586/libnss3-3.12.3.1-0.1mdvmes5.i586.rpm
 db5845f7689f4a804c22fc1b526b63da  
mes5/i586/libnss-devel-3.12.3.1-0.1mdvmes5.i586.rpm
 4b9feb67d67af798a2ebd6462cd6baca  
mes5/i586/libnss-static-devel-3.12.3.1-0.1mdvmes5.i586.rpm
 adc99fd98222f78b51f15c1882afe48c  mes5/i586/nss-3.12.3.1-0.1mdvmes5.i586.rpm 
 9c427e46d75b1b960e89ae0bffece026  mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm
 743e29fc78ccda2b72a12b9c44831401  mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 dc5310ab580fcc88b0ca7a3d0d9e0003  
mes5/x86_64/lib64nspr4-4.7.5-0.1mdvmes5.x86_64.rpm
 d27ac59efb819ee6fa8fecb8a4285ae1  
mes5/x86_64/lib64nspr-devel-4.7.5-0.1mdvmes5.x86_64.rpm
 163da07011b8da2b83c0632c4535bf33  
mes5/x86_64/lib64nss3-3.12.3.1-0.1mdvmes5.x86_64.rpm
 2d3c6712c3a9997a3f866729736651e8  
mes5/x86_64/lib64nss-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm
 974c5f16ce666817f6e851f8b3bfb339  
mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm
 92b5732957ad6ea00d1635737d425874  
mes5/x86_64/nss-3.12.3.1-0.1mdvmes5.x86_64.rpm 
 9c427e46d75b1b960e89ae0bffece026  mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm
 743e29fc78ccda2b72a12b9c44831401  mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKfHeXmqjQ0CJFipgRAlkEAJ9FIspFN3yaMTZxo+XNMK1xyWFS5ACfR1CA
YhYhKVCghHrxfRbmHQDhzQI=
=cqmE
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/