openSUSE 10 Security Update : mozilla-nss (mozilla-nss-2071)
Medium Nessus Plugin ID 27352
SynopsisThe remote openSUSE host is missing a security update.
DescriptionA security problem in the SSL handling of the NSS libraries was found :
If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature.
This bug is tracked by the Mitre CVE ID CVE-2006-4340 and CVE-2006-4341.
SolutionUpdate the affected mozilla-nss packages.