MDVSA-2009:197-1

Package name

nss

Date

2009-09-01

Advisory ID

MDVSA-2009:197-1

Affected versions

2008.1 x86_64 , 2008.1 i586

Problem description

Security issues in nss prior to 3.12.3 could lead to a
man-in-the-middle attack via a spoofed X.509 certificate
(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
cause a denial-of-service and possible code execution via a long
domain name in X.509 certificate (CVE-2009-2404).

This update provides the latest versions of NSS and NSPR libraries
which are not vulnerable to those attacks.

Update:

This update also provides fixed packages for Mandriva Linux 2008.1

Updated packages

2008.1 x86_64

 58d390af357253669d802b948adcd728  2008.1/x86_64/lib64nspr4-4.7.5-0.1mdv2008.1.x86_64.rpm
 81b4060266dc9451903c1ba359b49ebe  2008.1/x86_64/lib64nspr-devel-4.7.5-0.1mdv2008.1.x86_64.rpm
 ddb36ba3de5f39010481bc71c8c6b6f1  2008.1/x86_64/lib64nss3-3.12.3.1-0.1mdv2008.1.x86_64.rpm
 404e5c1d07c1838c7cfcc03d4ca0d94a  2008.1/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2008.1.x86_64.rpm
 ad4bd40e77dd746fe9cddfb4c34d2f62  2008.1/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2008.1.x86_64.rpm
 cbad5d086771ecd927edd51eda1fd36c  2008.1/x86_64/nss-3.12.3.1-0.1mdv2008.1.x86_64.rpm 
 daa825f74749ae4e255e7783eb590b90  2008.1/SRPMS/nspr-4.7.5-0.1mdv2008.1.src.rpm
 0d17f86fabf84c9ae04f7e520bc0a679  2008.1/SRPMS/nss-3.12.3.1-0.1mdv2008.1.src.rpm

2008.1 i586

 9228daed5355d9175cbd25faf90a1323  2008.1/i586/libnspr4-4.7.5-0.1mdv2008.1.i586.rpm
 58c5ec5d221d0013254d144272162ece  2008.1/i586/libnspr-devel-4.7.5-0.1mdv2008.1.i586.rpm
 910b4ddc4285154103c7fd251feac41e  2008.1/i586/libnss3-3.12.3.1-0.1mdv2008.1.i586.rpm
 1ef05d27d0d04facfcbf1f13cc84c166  2008.1/i586/libnss-devel-3.12.3.1-0.1mdv2008.1.i586.rpm
 1add6ba2355ec0a0571407571f02226e  2008.1/i586/libnss-static-devel-3.12.3.1-0.1mdv2008.1.i586.rpm
 18de04c0e62a1e09800b25f045de726e  2008.1/i586/nss-3.12.3.1-0.1mdv2008.1.i586.rpm 
 daa825f74749ae4e255e7783eb590b90  2008.1/SRPMS/nspr-4.7.5-0.1mdv2008.1.src.rpm
 0d17f86fabf84c9ae04f7e520bc0a679  2008.1/SRPMS/nss-3.12.3.1-0.1mdv2008.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408