This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Updated nss packages fix security vulnerabilities :
In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of
lengths is too permissive, allowing undetected smuggling of arbitrary
This update adds support for the TLS Fallback Signaling Cipher Suite
Value (TLS_FALLBACK_SCSV) in NSS, which can be used to prevent
protocol downgrade attacks against applications which re-connect using
a lower SSL/TLS protocol version when the initial connection
indicating the highest supported protocol version fails. This can
prevent a forceful downgrade of the communication to SSL 3.0,
mitigating CVE-2014-3566, also known as POODLE. SSL 3.0 support has
also been disabled by default in this Firefox and Thunderbird update,
further mitigating POODLE.
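The server-side check that TLS_FALLBACK_SCSV makes possible, following RFC 7507, as an added Python example (not NSS code and not part of the original advisory). The ClientHello bytes are constructed sample input, and the names `parse_client_hello`, `server_decision` and `build_client_hello` are hypothetical.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600       # signaling cipher suite value from RFC 7507
INAPPROPRIATE_FALLBACK = 86      # fatal alert description from RFC 7507
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)


def parse_client_hello(body: bytes):
    """Return (client_version, cipher_suites) from a ClientHello body."""
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    version = (body[0], body[1])          # client_version
    off = 35 + body[34]                   # skip 32-byte random and session_id
    if len(body) < off + 2:
        raise ValueError("missing cipher_suites length")
    (cs_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if cs_len % 2 or len(body) < off + cs_len:
        raise ValueError("bad cipher_suites length")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, off))
    return version, suites


def server_decision(body: bytes, server_max):
    """Apply the RFC 7507 rule before normal version negotiation."""
    version, suites = parse_client_hello(body)
    # The client says it is retrying at a lower version, yet this server
    # supports a higher one: the first attempt should not have failed.
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", INAPPROPRIATE_FALLBACK)
    return ("negotiate", min(version, server_max))


def build_client_hello(version, suites) -> bytes:
    """Constructed sample: zeroed random, empty session_id, null compression."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    return (bytes(version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")


if __name__ == "__main__":
    first = build_client_hello(TLS12, [0xC02F, 0x002F])
    retry = build_client_hello(SSL3, [0x002F, TLS_FALLBACK_SCSV])
    silent = build_client_hello(SSL3, [0x002F])   # retry without the SCSV
    for name, hello in (("first", first), ("retry", retry), ("silent", silent)):
        print(name, server_decision(hello, TLS12))
```

The `silent` case is negotiated at SSL 3.0 because the server only learns of a fallback when the client sends the SCSV, which is why disabling SSL 3.0 is described above as a further mitigation.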
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5