Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Mandrake/Mandriva :: bu-457.htm

nss vulns



nss
nss




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:197
http://www.mandriva.com/security/ 
 _______________________________________________________________________

 Package : nss
 Date    : August 7, 2009
 Affected: 2009.0, 2009.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Security issues in nss prior to 3.12.3 could lead to a
 man-in-the-middle attack via a spoofed X.509 certificate
 (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
 cause a denial-of-service and possible code execution via a long
 domain name in X.509 certificate (CVE-2009-2404).
 
 This update provides the latest versions of NSS and NSPR libraries
 which are not vulnerable to those attacks.
 _______________________________________________________________________

 References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 f1a3c79a29336f72dee81f2c2ce77079  2009.0/i586/libnspr4-4.7.5-0.1mdv2009.0.i586.rpm
 c703c373c35f68e17e09c9b3edc60dee  2009.0/i586/libnspr-devel-4.7.5-0.1mdv2009.0.i586.rpm
 2db7bcea1b239d1a56112fd7ba8ffb9e  2009.0/i586/libnss3-3.12.3.1-0.1mdv2009.0.i586.rpm
 b3e4bc2a61001ac0d7e8dec04eda7d84  2009.0/i586/libnss-devel-3.12.3.1-0.1mdv2009.0.i586.rpm
 eb7094fe1affd15a0386e61b41fcf2d9  2009.0/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.0.i586.rpm
 e13ff7a2350c4758c3cef8d0ad22187e  2009.0/i586/nss-3.12.3.1-0.1mdv2009.0.i586.rpm 
 c4b21c10b38d3ed7555ab4abd2294c3f  2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm
 745ed32d19b1b58b86669b77b6dc9cef  2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 79a4f1a583f81bce7f8c62986b709220  2009.0/x86_64/lib64nspr4-4.7.5-0.1mdv2009.0.x86_64.rpm
 11fbdd2a7ce6d93676c07102bc9e2f8e  2009.0/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.0.x86_64.rpm
 87ed9bd3b8f6396a56fb08ea9b2d6bfc  2009.0/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.0.x86_64.rpm
 3f63723ad79452362f0cbdcc2c864ed7  2009.0/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm
 f425d17a91029ff65b4a9b2aa7d9f8cc  2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm
 feba467cc0589c40ae61800cba1ab12d  2009.0/x86_64/nss-3.12.3.1-0.1mdv2009.0.x86_64.rpm 
 c4b21c10b38d3ed7555ab4abd2294c3f  2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm
 745ed32d19b1b58b86669b77b6dc9cef  2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 8cd8c4b87b27e0448f2560114bd83bb3  2009.1/i586/libnspr4-4.7.5-0.1mdv2009.1.i586.rpm
 82ce975b0c3d55c09c6e5157a4627101  2009.1/i586/libnspr-devel-4.7.5-0.1mdv2009.1.i586.rpm
 93906e880dec09678a7738bd147967d5  2009.1/i586/libnss3-3.12.3.1-0.1mdv2009.1.i586.rpm
 1059c53a7c0bbbe57f44dd748df5f530  2009.1/i586/libnss-devel-3.12.3.1-0.1mdv2009.1.i586.rpm
 1f2b1e8f2a8aee4d5f4a301f0f88c96b  2009.1/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.1.i586.rpm
 45297bcc9da17bcdb6515b1ded9d0b56  2009.1/i586/nss-3.12.3.1-0.1mdv2009.1.i586.rpm 
 6ce5146371c4f730f89205041c8747c2  2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm
 3b19dc2f4f2265516b39a194f32469ae  2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 998b4a57be0efb4babb9b7fea094e194  2009.1/x86_64/lib64nspr4-4.7.5-0.1mdv2009.1.x86_64.rpm
 7631098c5bd6ca484295f8240e381846  2009.1/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.1.x86_64.rpm
 67596dbf16bd7d7472607870e81fdd5e  2009.1/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.1.x86_64.rpm
 a306fc84ee4a87beb53bfd0927726624  2009.1/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm
 b55efb339da1e02fc30dd12cfc481447  2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm
 5b74be3721f34c50f694e9fcefe6a473  2009.1/x86_64/nss-3.12.3.1-0.1mdv2009.1.x86_64.rpm 
 6ce5146371c4f730f89205041c8747c2  2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm
 3b19dc2f4f2265516b39a194f32469ae  2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm

 Mandriva Enterprise Server 5:
 716f2bd75c87311db7f67a28de3ff280  mes5/i586/libnspr4-4.7.5-0.1mdvmes5.i586.rpm
 ded949730043e580c871f2cb5e79b0ec  mes5/i586/libnspr-devel-4.7.5-0.1mdvmes5.i586.rpm
 40233afde79f89595e5ac5d5d82978de  mes5/i586/libnss3-3.12.3.1-0.1mdvmes5.i586.rpm
 db5845f7689f4a804c22fc1b526b63da  mes5/i586/libnss-devel-3.12.3.1-0.1mdvmes5.i586.rpm
 4b9feb67d67af798a2ebd6462cd6baca  mes5/i586/libnss-static-devel-3.12.3.1-0.1mdvmes5.i586.rpm
 adc99fd98222f78b51f15c1882afe48c  mes5/i586/nss-3.12.3.1-0.1mdvmes5.i586.rpm 
 9c427e46d75b1b960e89ae0bffece026  mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm
 743e29fc78ccda2b72a12b9c44831401  mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 dc5310ab580fcc88b0ca7a3d0d9e0003  mes5/x86_64/lib64nspr4-4.7.5-0.1mdvmes5.x86_64.rpm
 d27ac59efb819ee6fa8fecb8a4285ae1  mes5/x86_64/lib64nspr-devel-4.7.5-0.1mdvmes5.x86_64.rpm
 163da07011b8da2b83c0632c4535bf33  mes5/x86_64/lib64nss3-3.12.3.1-0.1mdvmes5.x86_64.rpm
 2d3c6712c3a9997a3f866729736651e8  mes5/x86_64/lib64nss-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm
 974c5f16ce666817f6e851f8b3bfb339  mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm
 92b5732957ad6ea00d1635737d425874  mes5/x86_64/nss-3.12.3.1-0.1mdvmes5.x86_64.rpm 
 9c427e46d75b1b960e89ae0bffece026  mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm
 743e29fc78ccda2b72a12b9c44831401  mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories 

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKfHeXmqjQ0CJFipgRAlkEAJ9FIspFN3yaMTZxo+XNMK1xyWFS5ACfR1CA
YhYhKVCghHrxfRbmHQDhzQI=cqmE
-----END PGP SIGNATURE-----



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH