Package name
nss
Date
2009-09-11
Advisory ID
MDVSA-2009:197-2
Affected versions
2008.1 x86_64 , 2008.1 i586

Problem description

Security issues in nss prior to 3.12.3 could lead to a
man-in-the-middle attack via a spoofed X.509 certificate
(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
cause a denial-of-service and possible code execution via a long
domain name in X.509 certificate (CVE-2009-2404).

This update provides the latest versions of NSS and NSPR libraries
which are not vulnerable to those attacks.

Update:

This update also provides fixed packages for Mandriva Linux 2008.1
and fixes mozilla-thunderbird error messages.

Updated packages

2008.1 x86_64

 f5e47750b4783d42d1290114b9c3d8d8  2008.1/x86_64/lib64nss3-3.12.3.1-0.2mdv2008.1.x86_64.rpm
 72ed9a236283f342b97f5c49df19c404  2008.1/x86_64/lib64nss-devel-3.12.3.1-0.2mdv2008.1.x86_64.rpm
 4ae51a359c93f2ff40a0c5c40049e36d  2008.1/x86_64/lib64nss-static-devel-3.12.3.1-0.2mdv2008.1.x86_64.rpm
 0b2b4d83d403e333202631390b4b0c58  2008.1/x86_64/nss-3.12.3.1-0.2mdv2008.1.x86_64.rpm 
 9eb569a34f2328ae0646a7134d4f1248  2008.1/SRPMS/nss-3.12.3.1-0.2mdv2008.1.src.rpm

2008.1 i586

 a4551a03a7c40cce16b0636c62e70c04  2008.1/i586/libnss3-3.12.3.1-0.2mdv2008.1.i586.rpm
 6debdb70bfced1ce40ddc59f78bf6151  2008.1/i586/libnss-devel-3.12.3.1-0.2mdv2008.1.i586.rpm
 60074051e11f1d454b9573564242eccf  2008.1/i586/libnss-static-devel-3.12.3.1-0.2mdv2008.1.i586.rpm
 2986b2dfbd706c6ae33f69652c0b084e  2008.1/i586/nss-3.12.3.1-0.2mdv2008.1.i586.rpm 
 9eb569a34f2328ae0646a7134d4f1248  2008.1/SRPMS/nss-3.12.3.1-0.2mdv2008.1.src.rpm

References