Scientific Linux Security Update : nss on SL6.x i386/x86_64
Medium Nessus Plugin ID 60895
Synopsis: The remote Scientific Linux host is missing one or more security updates.
Description: A flaw was found in the way NSS matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. NSS incorrectly accepted connections to IP addresses that fell within the SSL certificate's wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack. (CVE-2010-3170)
After installing the update, applications using NSS must be restarted for the changes to take effect.
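The matching flaw described above, reduced to a simplified model and set beside a stricter check. This is an added example, not NSS source code; the function names and the sample Common Name values are constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* True if host parses as an IPv4 or IPv6 address literal. */
static bool is_ip_literal(const char *host) {
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, host, buf) == 1 ||
           inet_pton(AF_INET6, host, buf) == 1;
}

/* Simplified wildcard match: a leading "*." covers exactly one label.
 * It never asks whether host is an IP address, so a Common Name such as
 * "*.168.0.1" (constructed) is accepted for the address 192.168.0.1. */
bool naive_cn_match(const char *cn, const char *host) {
    if (strncmp(cn, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        /* Require a non-empty first label, then compare the remainder. */
        return dot != NULL && dot != host && strcasecmp(cn + 1, dot) == 0;
    }
    return strcasecmp(cn, host) == 0;
}

/* Stricter check: wildcards apply to DNS names only. When the peer was
 * addressed by IP, only an exact textual match of the name is accepted. */
bool strict_cn_match(const char *cn, const char *host) {
    if (is_ip_literal(host))
        return strcmp(cn, host) == 0;
    return naive_cn_match(cn, host);
}

int main(void) {
    const char *cn = "*.168.0.1";      /* constructed sample values */
    const char *peer = "192.168.0.1";
    printf("naive : %s\n", naive_cn_match(cn, peer) ? "accept" : "reject");
    printf("strict: %s\n", strict_cn_match(cn, peer) ? "accept" : "reject");
    return 0;
}
```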
Solution: Update the affected packages.