-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:197 http://www.mandriva.com/security/ _______________________________________________________________________ Package : nss Date : August 7, 2009 Affected: 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: f1a3c79a29336f72dee81f2c2ce77079 2009.0/i586/libnspr4-4.7.5-0.1mdv2009.0.i586.rpm c703c373c35f68e17e09c9b3edc60dee 2009.0/i586/libnspr-devel-4.7.5-0.1mdv2009.0.i586.rpm 2db7bcea1b239d1a56112fd7ba8ffb9e 2009.0/i586/libnss3-3.12.3.1-0.1mdv2009.0.i586.rpm b3e4bc2a61001ac0d7e8dec04eda7d84 2009.0/i586/libnss-devel-3.12.3.1-0.1mdv2009.0.i586.rpm eb7094fe1affd15a0386e61b41fcf2d9 2009.0/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.0.i586.rpm e13ff7a2350c4758c3cef8d0ad22187e 2009.0/i586/nss-3.12.3.1-0.1mdv2009.0.i586.rpm c4b21c10b38d3ed7555ab4abd2294c3f 2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm 745ed32d19b1b58b86669b77b6dc9cef 2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 79a4f1a583f81bce7f8c62986b709220 2009.0/x86_64/lib64nspr4-4.7.5-0.1mdv2009.0.x86_64.rpm 11fbdd2a7ce6d93676c07102bc9e2f8e 2009.0/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.0.x86_64.rpm 87ed9bd3b8f6396a56fb08ea9b2d6bfc 2009.0/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.0.x86_64.rpm 3f63723ad79452362f0cbdcc2c864ed7 2009.0/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm f425d17a91029ff65b4a9b2aa7d9f8cc 2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm feba467cc0589c40ae61800cba1ab12d 2009.0/x86_64/nss-3.12.3.1-0.1mdv2009.0.x86_64.rpm c4b21c10b38d3ed7555ab4abd2294c3f 2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm 745ed32d19b1b58b86669b77b6dc9cef 2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm Mandriva Linux 2009.1: 8cd8c4b87b27e0448f2560114bd83bb3 2009.1/i586/libnspr4-4.7.5-0.1mdv2009.1.i586.rpm 82ce975b0c3d55c09c6e5157a4627101 2009.1/i586/libnspr-devel-4.7.5-0.1mdv2009.1.i586.rpm 93906e880dec09678a7738bd147967d5 2009.1/i586/libnss3-3.12.3.1-0.1mdv2009.1.i586.rpm 1059c53a7c0bbbe57f44dd748df5f530 2009.1/i586/libnss-devel-3.12.3.1-0.1mdv2009.1.i586.rpm 1f2b1e8f2a8aee4d5f4a301f0f88c96b 2009.1/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.1.i586.rpm 45297bcc9da17bcdb6515b1ded9d0b56 2009.1/i586/nss-3.12.3.1-0.1mdv2009.1.i586.rpm 6ce5146371c4f730f89205041c8747c2 2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm 3b19dc2f4f2265516b39a194f32469ae 2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 998b4a57be0efb4babb9b7fea094e194 2009.1/x86_64/lib64nspr4-4.7.5-0.1mdv2009.1.x86_64.rpm 7631098c5bd6ca484295f8240e381846 2009.1/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.1.x86_64.rpm 67596dbf16bd7d7472607870e81fdd5e 2009.1/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.1.x86_64.rpm a306fc84ee4a87beb53bfd0927726624 2009.1/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm b55efb339da1e02fc30dd12cfc481447 2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm 5b74be3721f34c50f694e9fcefe6a473 2009.1/x86_64/nss-3.12.3.1-0.1mdv2009.1.x86_64.rpm 6ce5146371c4f730f89205041c8747c2 2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm 3b19dc2f4f2265516b39a194f32469ae 2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm Mandriva Enterprise Server 5: 716f2bd75c87311db7f67a28de3ff280 mes5/i586/libnspr4-4.7.5-0.1mdvmes5.i586.rpm ded949730043e580c871f2cb5e79b0ec mes5/i586/libnspr-devel-4.7.5-0.1mdvmes5.i586.rpm 40233afde79f89595e5ac5d5d82978de mes5/i586/libnss3-3.12.3.1-0.1mdvmes5.i586.rpm db5845f7689f4a804c22fc1b526b63da mes5/i586/libnss-devel-3.12.3.1-0.1mdvmes5.i586.rpm 4b9feb67d67af798a2ebd6462cd6baca mes5/i586/libnss-static-devel-3.12.3.1-0.1mdvmes5.i586.rpm adc99fd98222f78b51f15c1882afe48c mes5/i586/nss-3.12.3.1-0.1mdvmes5.i586.rpm 9c427e46d75b1b960e89ae0bffece026 mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm 743e29fc78ccda2b72a12b9c44831401 mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: dc5310ab580fcc88b0ca7a3d0d9e0003 mes5/x86_64/lib64nspr4-4.7.5-0.1mdvmes5.x86_64.rpm d27ac59efb819ee6fa8fecb8a4285ae1 mes5/x86_64/lib64nspr-devel-4.7.5-0.1mdvmes5.x86_64.rpm 163da07011b8da2b83c0632c4535bf33 mes5/x86_64/lib64nss3-3.12.3.1-0.1mdvmes5.x86_64.rpm 2d3c6712c3a9997a3f866729736651e8 mes5/x86_64/lib64nss-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm 974c5f16ce666817f6e851f8b3bfb339 mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm 92b5732957ad6ea00d1635737d425874 mes5/x86_64/nss-3.12.3.1-0.1mdvmes5.x86_64.rpm 9c427e46d75b1b960e89ae0bffece026 mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm 743e29fc78ccda2b72a12b9c44831401 mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKfHeXmqjQ0CJFipgRAlkEAJ9FIspFN3yaMTZxo+XNMK1xyWFS5ACfR1CA YhYhKVCghHrxfRbmHQDhzQI= =cqmE -----END PGP SIGNATURE-----