Mandriva Linux Security Advisory : rootcerts (MDVSA-2013:003)

high Nessus Plugin ID 63464

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743).

The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes.

Solution

Update the affected packages.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-20.html

Plugin Details

Severity: High

ID: 63464

File Name: mandriva_MDVSA-2013-003.nasl

Version: 1.11

Type: local

Published: 1/10/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:rootcerts-java, cpe:/o:mandriva:linux:2011, p-cpe:/a:mandriva:linux:lib64nss-devel, p-cpe:/a:mandriva:linux:lib64nss-static-devel, p-cpe:/a:mandriva:linux:lib64nss3, p-cpe:/a:mandriva:linux:libnss-devel, p-cpe:/a:mandriva:linux:libnss-static-devel, p-cpe:/a:mandriva:linux:libnss3, p-cpe:/a:mandriva:linux:nss, p-cpe:/a:mandriva:linux:rootcerts

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 1/9/2013

Reference Information

MDVSA: 2013:003