To: [email protected]Subject: [ MDVSA-2009:197 ] nss
Date: Fri, 07 Aug 2009 23:59:00 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1MZXSm-00013B-B7@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:197
http://www.mandriva.com/security/
_______________________________________________________________________
Package : nss
Date : August 7, 2009
Affected: 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security issues in nss prior to 3.12.3 could lead to a
man-in-the-middle attack via a spoofed X.509 certificate
(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also
cause a denial-of-service and possible code execution via a long
domain name in X.509 certificate (CVE-2009-2404).
This update provides the latest versions of NSS and NSPR libraries
which are not vulnerable to those attacks.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
f1a3c79a29336f72dee81f2c2ce77079 2009.0/i586/libnspr4-4.7.5-0.1mdv2009.0.i586.rpm
c703c373c35f68e17e09c9b3edc60dee 2009.0/i586/libnspr-devel-4.7.5-0.1mdv2009.0.i586.rpm
2db7bcea1b239d1a56112fd7ba8ffb9e 2009.0/i586/libnss3-3.12.3.1-0.1mdv2009.0.i586.rpm
b3e4bc2a61001ac0d7e8dec04eda7d84 2009.0/i586/libnss-devel-3.12.3.1-0.1mdv2009.0.i586.rpm
eb7094fe1affd15a0386e61b41fcf2d9 2009.0/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.0.i586.rpm
e13ff7a2350c4758c3cef8d0ad22187e 2009.0/i586/nss-3.12.3.1-0.1mdv2009.0.i586.rpm
c4b21c10b38d3ed7555ab4abd2294c3f 2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm
745ed32d19b1b58b86669b77b6dc9cef 2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
79a4f1a583f81bce7f8c62986b709220 2009.0/x86_64/lib64nspr4-4.7.5-0.1mdv2009.0.x86_64.rpm
11fbdd2a7ce6d93676c07102bc9e2f8e 2009.0/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.0.x86_64.rpm
87ed9bd3b8f6396a56fb08ea9b2d6bfc 2009.0/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.0.x86_64.rpm
3f63723ad79452362f0cbdcc2c864ed7 2009.0/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm
f425d17a91029ff65b4a9b2aa7d9f8cc 2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm
feba467cc0589c40ae61800cba1ab12d 2009.0/x86_64/nss-3.12.3.1-0.1mdv2009.0.x86_64.rpm
c4b21c10b38d3ed7555ab4abd2294c3f 2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm
745ed32d19b1b58b86669b77b6dc9cef 2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
8cd8c4b87b27e0448f2560114bd83bb3 2009.1/i586/libnspr4-4.7.5-0.1mdv2009.1.i586.rpm
82ce975b0c3d55c09c6e5157a4627101 2009.1/i586/libnspr-devel-4.7.5-0.1mdv2009.1.i586.rpm
93906e880dec09678a7738bd147967d5 2009.1/i586/libnss3-3.12.3.1-0.1mdv2009.1.i586.rpm
1059c53a7c0bbbe57f44dd748df5f530 2009.1/i586/libnss-devel-3.12.3.1-0.1mdv2009.1.i586.rpm
1f2b1e8f2a8aee4d5f4a301f0f88c96b 2009.1/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.1.i586.rpm
45297bcc9da17bcdb6515b1ded9d0b56 2009.1/i586/nss-3.12.3.1-0.1mdv2009.1.i586.rpm
6ce5146371c4f730f89205041c8747c2 2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm
3b19dc2f4f2265516b39a194f32469ae 2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
998b4a57be0efb4babb9b7fea094e194 2009.1/x86_64/lib64nspr4-4.7.5-0.1mdv2009.1.x86_64.rpm
7631098c5bd6ca484295f8240e381846 2009.1/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.1.x86_64.rpm
67596dbf16bd7d7472607870e81fdd5e 2009.1/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.1.x86_64.rpm
a306fc84ee4a87beb53bfd0927726624 2009.1/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm
b55efb339da1e02fc30dd12cfc481447 2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm
5b74be3721f34c50f694e9fcefe6a473 2009.1/x86_64/nss-3.12.3.1-0.1mdv2009.1.x86_64.rpm
6ce5146371c4f730f89205041c8747c2 2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm
3b19dc2f4f2265516b39a194f32469ae 2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm
Mandriva Enterprise Server 5:
716f2bd75c87311db7f67a28de3ff280 mes5/i586/libnspr4-4.7.5-0.1mdvmes5.i586.rpm
ded949730043e580c871f2cb5e79b0ec mes5/i586/libnspr-devel-4.7.5-0.1mdvmes5.i586.rpm
40233afde79f89595e5ac5d5d82978de mes5/i586/libnss3-3.12.3.1-0.1mdvmes5.i586.rpm
db5845f7689f4a804c22fc1b526b63da mes5/i586/libnss-devel-3.12.3.1-0.1mdvmes5.i586.rpm
4b9feb67d67af798a2ebd6462cd6baca mes5/i586/libnss-static-devel-3.12.3.1-0.1mdvmes5.i586.rpm
adc99fd98222f78b51f15c1882afe48c mes5/i586/nss-3.12.3.1-0.1mdvmes5.i586.rpm
9c427e46d75b1b960e89ae0bffece026 mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm
743e29fc78ccda2b72a12b9c44831401 mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
dc5310ab580fcc88b0ca7a3d0d9e0003 mes5/x86_64/lib64nspr4-4.7.5-0.1mdvmes5.x86_64.rpm
d27ac59efb819ee6fa8fecb8a4285ae1 mes5/x86_64/lib64nspr-devel-4.7.5-0.1mdvmes5.x86_64.rpm
163da07011b8da2b83c0632c4535bf33 mes5/x86_64/lib64nss3-3.12.3.1-0.1mdvmes5.x86_64.rpm
2d3c6712c3a9997a3f866729736651e8 mes5/x86_64/lib64nss-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm
974c5f16ce666817f6e851f8b3bfb339 mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm
92b5732957ad6ea00d1635737d425874 mes5/x86_64/nss-3.12.3.1-0.1mdvmes5.x86_64.rpm
9c427e46d75b1b960e89ae0bffece026 mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm
743e29fc78ccda2b72a12b9c44831401 mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKfHeXmqjQ0CJFipgRAlkEAJ9FIspFN3yaMTZxo+XNMK1xyWFS5ACfR1CA
YhYhKVCghHrxfRbmHQDhzQI=
=cqmE
-----END PGP SIGNATURE-----