Mandriva Linux Security Advisory : rootcerts (MDVSA-2013:003)

High Nessus Plugin ID 63464


The remote Mandriva Linux host is missing one or more security updates.


Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743).

The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 63464

File Name: mandriva_MDVSA-2013-003.nasl

Version: $Revision: 1.8 $

Type: local

Published: 2013/01/10

Modified: 2013/06/01

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64nss-devel, p-cpe:/a:mandriva:linux:lib64nss-static-devel, p-cpe:/a:mandriva:linux:lib64nss3, p-cpe:/a:mandriva:linux:libnss-devel, p-cpe:/a:mandriva:linux:libnss-static-devel, p-cpe:/a:mandriva:linux:libnss3, p-cpe:/a:mandriva:linux:nss, p-cpe:/a:mandriva:linux:rootcerts, p-cpe:/a:mandriva:linux:rootcerts-java, cpe:/o:mandriva:linux:2011

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2013/01/09

Reference Information

MDVSA: 2013:003