Summary
The remote host is missing an update to nss
announced via advisory MDVSA-2009:197-3.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-3
Insight
Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404).
This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks.
Update:
Packages for 2008.0 are being provided due to extended support for Corporate products.
Affected: 2008.0
Severity
Classification
-
CVE CVE-2009-2404, CVE-2009-2408, CVE-2009-2409 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities