Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTrust root CAs remain active.

For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze6. For the testing distribution (wheezy), this problem has been fixed in version 2:3.13.6-2. For the unstable distribution (sid), this problem has been fixed in version 2:3.14.1.with.ckbi.1.93-1. We recommend that you upgrade your nss packages.

nss is a set of libraries designed to support cross-platform development of security-enabled client and server applications.

nss on Debian Linux

This check tests the installed software version using the apt package manager.

• http://www.debian.org/security/2013/dsa-2599.html

---

Updated on 2015-03-25