DSA-1874-1 nss -- severalID: oval:org.secpod.oval:def:600447 | Date: (C)2011-05-13 (M)2024-02-19 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they"re no longer considered cryptograhically secure. The old stable distribution doesn"t contain nss. For the stable distribution , these problems have been fixed in version 3.12.3.1-0lenny1. For the unstable distribution , these problems have been fixed in version 3.12.3.1-1. We recommend that you upgrade your nss packages.