
Debian Lenny DSA-2123-1 Critical: NSS Remote Risk Advisory

November 1, 2010

Summary

Several vulnerabilities have been discovered in Mozilla's Network
Security Services (NSS) library. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2010-3170
NSS recognizes a wildcard IP address in the subject's Common
Name field of an X.509 certificate, which might allow
man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification
Authority.

CVE-2010-3173
NSS does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms
via a brute-force attack.
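
An added example, not taken from the advisory or from NSS source: the class of flaw described under CVE-2010-3170, shown as a label-wise wildcard matcher that treats a dotted IP address like a DNS name, beside a matcher that compares IP addresses exactly. The function names and sample values (documentation range 192.0.2.0/24, example.com) are constructed for illustration.

```python
import ipaddress

def is_ip_literal(name):
    """True if name parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def naive_match(pattern, host):
    """Label-wise wildcard match with no notion of IP addresses (flawed)."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    return all(p == "*" or p == h for p, h in zip(p_labels, h_labels))

def strict_match(pattern, host):
    """Wildcards apply to DNS names only; an IP address must match exactly."""
    if is_ip_literal(host):
        # IP reference identity: exact comparison, never wildcard expansion.
        return (is_ip_literal(pattern)
                and ipaddress.ip_address(pattern) == ipaddress.ip_address(host))
    if "*" in pattern:
        labels = pattern.split(".")
        # Wildcard must be the whole left-most label, followed by >= 2 labels.
        if labels[0] != "*" or "*" in "".join(labels[1:]) or len(labels) < 3:
            return False
    return naive_match(pattern, host)

# Constructed (certificate CN, host the client connected to) pairs.
SAMPLES = [
    ("*.0.2.10", "192.0.2.10"),           # wildcard IP address in the CN
    ("192.0.2.10", "192.0.2.10"),         # exact IP address
    ("*.example.com", "www.example.com"), # ordinary DNS wildcard
    ("*.com", "example.com"),             # overly broad wildcard
]

def audit(samples=SAMPLES):
    """Return (pattern, host, naive_result, strict_result) for each pair."""
    return [(p, h, naive_match(p, h), strict_match(p, h)) for p, h in samples]

if __name__ == "__main__":
    for pattern, host, naive, strict in audit():
        print(f"{pattern:16} {host:18} naive={naive!s:5} strict={strict}")
```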

For the stable distribution (lenny), these problems have been fixed in
version 3.12.3.1-0lenny2.

For the unstable distribution (sid) and the upcoming stable
distribution (squeeze), these problems have been fixed in version
3.12.8-1.

We recommend that you upgrade your NSS packages.

Upgrade instructions
--------------------

wget url
wil...


Severity: critical

Package: nss
