Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Scientific Linux: CVE-2009-3555 Moderate: NSS TLS Session Flaw

Calendar Mar 25, 2010 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory man-in-the-middle TLS Moderate nss session renegotiation Scientific Linux
Moderate: nss security update 
Date: Thu, 25 Mar 2010 11:05:25 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: nss on SL4.x, SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: nss security update
Issue date:	2010-03-25
CVE Names:	CVE-2009-3555

CVE-2009-3555 TLS: MITM attacks via session renegotiation

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A
man-in-the-middle attacker could use this flaw to prefix arbitrary plain
text to a client's session (for example, an HTTPS connection to a
website). This could force the server to process an attacker's request
as if authenticated using the victim's credentials. This update
addresses this flaw by implementing the TLS Renegotiation Indication
Extension, as defined in RFC 5746. (CVE-2009-3555)

Refer to the following Knowledgebase article for additional details
about this flaw:
All running applications using the NSS library must be restarted for
this update to take effect.

SL 4.x

 SRPMS:
nspr-4.8.4-1.1.el4_8.src.rpm
nss-3.12.6-1.el4_8.src.rpm
 i386:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-devel-4.8.4-1.1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-devel-3.12.6-1.el4_8.i386.rpm
nss-tools-3.12.6-1.el4_8.i386.rpm
 x86_64:
nspr-4.8.4-1.1.el4_8.i386.rpm
nspr-4.8.4-1.1.el4_8.x86_64.rpm
nspr-devel-4.8.4-1.1.el4_8.x86_64.rpm
nss-3.12.6-1.el4_8.i386.rpm
nss-3.12.6-1.el4_8.x86_64.rpm
nss-devel-3.12.6-1.el4_8.x86_64.rpm
nss-tools-3.12.6-1.el4_8.x86_64.rpm

SL 5.x

 SRPMS:
nspr-4.8.4-1.el5_4.src.rpm
nss-3.12.6-1.el5_4.src.rpm
 i386:
nspr-4.8.4-1.el5_4.i386.rpm
nspr-devel-4.8.4-1.el5_4.i386.rpm
nss-3.12.6-1.el5_4.i386.rpm
nss-devel-3.12.6-1.el5_4.i386.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.i386.rpm
nss-tools-3.12.6-1.el5_4.i386.rpm
 x86_64:
nspr-4.8.4-1.el5_4.i386.rpm
nspr-4.8.4-1.el5_4.x86_64.rpm
nspr-devel-4.8.4-1.el5_4.i386.rpm
nspr-devel-4.8.4-1.el5_4.x86_64.rpm
nss-3.12.6-1.el5_4.i386.rpm
nss-3.12.6-1.el5_4.x86_64.rpm
nss-devel-3.12.6-1.el5_4.i386.rpm
nss-devel-3.12.6-1.el5_4.x86_64.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.i386.rpm
nss-pkcs11-devel-3.12.6-1.el5_4.x86_64.rpm
nss-tools-3.12.6-1.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson

Related News

Your message here