This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Google reported to Mozilla that TURKTRUST, a certificate authority in
Mozilla's root program, had mis-issued two intermediate certificates to
customers. The issue was not specific to Firefox but there was
evidence that one of the certificates was used for man-in-the-middle
(MITM) traffic management of domain names that the customer did not
legitimately own or control. This issue was resolved by revoking the
trust for these specific mis-issued certificates (CVE-2013-0743).
The rootcerts package has been upgraded to address this flaw and the
Mozilla NSS package has been rebuilt to pick up the changes.
The TLS implementation in Mozilla Network Security Services (NSS) does
not properly consider timing side-channel attacks on a noncompliant
MAC check operation during the processing of malformed CBC padding,
which allows remote attackers to conduct distinguishing attacks and
plaintext-recovery attacks via statistical analysis of timing data for
crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1620).
The NSPR package has been upgraded to the 4.9.5 version due to
dependencies of the newer NSS.
The NSS package has been upgraded to the 3.14.3 version which is not
vulnerable to this issue.
The sqlite3 update addresses a crash when using svn commit after
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true