SuSE 10 Security Update : mozilla-nss,mozilla-nss-devel (ZYPP Patch Number 2067)
Medium Nessus Plugin ID 29522
The remote SuSE 10 host is missing a security-related patch.
A security problem in the SSL handling of the NSS libraries was found : If an RSA key with exponent 3 is used it may be possible to forge a PKCS verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. This bug is tracked by the Mitre CVE ID CVE-2006-4340 / CVE-2006-4341.