Mandriva Security Advisory MDVSA-2009:197-3 (nss)

Summary
The remote host is missing an update to nss announced via advisory MDVSA-2009:197-3.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-3
Insight
Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. Affected: 2008.0