MDVSA-2009:197-3

Package name

nss

Date

2009-12-03

Advisory ID

MDVSA-2009:197-3

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

Security issues in nss prior to 3.12.3 could lead to a
man-in-the-middle attack via a spoofed X.509 certificate
(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
cause a denial-of-service and possible code execution via a long
domain name in X.509 certificate (CVE-2009-2404).

This update provides the latest versions of NSS and NSPR libraries
which are not vulnerable to those attacks.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 6aaa636e2160b8b784904273680a8999  2008.0/i586/libnspr4-4.7.5-0.1mdv2008.0.i586.rpm
 87752fe7629a26066b58aaf8e3509ce9  2008.0/i586/libnspr-devel-4.7.5-0.1mdv2008.0.i586.rpm
 5950ef5f7750ce69f8505a0d271a654b  2008.0/i586/libnss3-3.12.3.1-0.1mdv2008.0.i586.rpm
 cb2705cae30e6090947e637d76649cbb  2008.0/i586/libnss-devel-3.12.3.1-0.1mdv2008.0.i586.rpm
 ceff8722716e8dbada153376cb673239  2008.0/i586/libnss-static-devel-3.12.3.1-0.1mdv2008.0.i586.rpm
 666ca07f9d4f5ed6e720f033d77c8a00  2008.0/i586/nss-3.12.3.1-0.1mdv2008.0.i586.rpm 
 1c6c224afbfff232533e68a4a022ae97  2008.0/SRPMS/nspr-4.7.5-0.1mdv2008.0.src.rpm
 33cd024a0584b13ddbe39ae1f7e62d46  2008.0/SRPMS/nss-3.12.3.1-0.1mdv2008.0.src.rpm

2008.0 x86_64

 be078aecd681468224b73c1c8c920bd9  2008.0/x86_64/lib64nspr4-4.7.5-0.1mdv2008.0.x86_64.rpm
 41ad25f4383999189cded7c55ed37062  2008.0/x86_64/lib64nspr-devel-4.7.5-0.1mdv2008.0.x86_64.rpm
 6e3394c9cf3fc81149907518b9b6707b  2008.0/x86_64/lib64nss3-3.12.3.1-0.1mdv2008.0.x86_64.rpm
 90c5234752f41c6d922c02e83031e5be  2008.0/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2008.0.x86_64.rpm
 5bff6a89fae610df25a8fb6a95224acd  2008.0/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2008.0.x86_64.rpm
 18859c654e9f4c3dfcdd90dcf4da551a  2008.0/x86_64/nss-3.12.3.1-0.1mdv2008.0.x86_64.rpm 
 1c6c224afbfff232533e68a4a022ae97  2008.0/SRPMS/nspr-4.7.5-0.1mdv2008.0.src.rpm
 33cd024a0584b13ddbe39ae1f7e62d46  2008.0/SRPMS/nss-3.12.3.1-0.1mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408