DSA-2123-1 nss -- severalID: oval:org.secpod.oval:def:600085 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in Mozilla"s Network Security Services library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject"s Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution , these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution and the upcoming stable distribution , these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages.