Mandriva Linux Security Advisory : nss (MDVSA-2009:197-3)
High Nessus Plugin ID 40522
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionSecurity issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404).
This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks.
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
SolutionUpdate the affected packages.