Debian: DSA-1874-1 Critical: NSS Package Multiple Threats
debian
August 26, 2009
Several vulnerabilities have been discovered in the Network Security Service libraries
Summary
Several vulnerabilities have been discovered in the Network Security
Service libraries. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2009-2404
Moxie Marlinspike discovered that a buffer overflow in the regular
expression parser could lead to the execution of arbitrary code.
CVE-2009-2408
Dan Kaminsky discovered that NULL characters in certificate
names could lead to man-in-the-middle attacks by tricking the user
into accepting a rogue certificate.
CVE-2009-2409
Certificates with MD2 hash signatures are no longer accepted
since they're no longer considered cryptograhically secure.
The old stable distribution (etch) doesn't contain nss.
For the stable distribution (lenny), these problems have been fixed in
version 3.12.3.1-0lenny1.
For the unstable distribution (sid), these problems have been fixed in
version 3.12.3.1-1.
We recommend that you upgrade your nss packages.
Upgrade instructions
- --------------------
wget url
will fetch the...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: nss
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!