Mandriva Linux Security Advisory : rootcerts (MDVSA-2013:003)
High Nessus Plugin ID 63464
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionGoogle reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743).
The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes.
SolutionUpdate the affected packages.