Lucene search

K
debianDebianDEBIAN:BSA-009-:61B02
HistoryNov 02, 2010 - 7:04 p.m.

BSA-009 Security Update for nss

2010-11-0219:04:18
lists.debian.org
24
security update
nss
wildcard ip address
diffie-hellman
lenny-backports
apt-get
pinning
backports repository

EPSS

0.009

Percentile

82.8%

Alexander Reichle-Schmehl uploaded new packages for nss which fixed the
following security problems:

CVE-2010-3170
NSS recognizes a wildcard IP address in the subject's Common
Name field of an X.509 certificate, which might allow
man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification
Authority.

CVE-2010-3173
NSS does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms
via a brute-force attack.

For the lenny-backports distribution the problems have been fixed in
version 3.12.8-1~bpo50+1.

Upgrade instructions


If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions&gt;

We recommend to pin (in /etc/apt/preferences) the backports repository to
200 so that new versions of installed backports will be installed
automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200