
BSA-009 Security Update for nss



Alexander Reichle-Schmehl uploaded new packages for nss which fixed the
following security problems:

CVE-2010-3170
	NSS recognizes a wildcard IP address in the subject's Common
	Name field of an X.509 certificate, which might allow
	man-in-the-middle attackers to spoof arbitrary SSL servers via
	a crafted certificate issued by a legitimate Certification
	Authority.

CVE-2010-3173
	NSS does not properly set the minimum key length for
	Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
	remote attackers to defeat cryptographic protection mechanisms
	via a brute-force attack.

For the lenny-backports distribution the problems have been fixed in
version 3.12.8-1~bpo50+1.
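
To illustrate the class of bug behind CVE-2010-3170, the added example below (not NSS code and not part of the original advisory) contrasts a permissive Common Name matcher with one that refuses wildcard patterns when the peer identity is an IP address. The function names, the IPv4-only check and the sample values are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if s is a dotted-quad IPv4 literal such as "10.0.0.1". */
static int is_ipv4_literal(const char *s) {
    int parts = 0;
    while (*s) {
        int digits = 0, value = 0;
        while (isdigit((unsigned char)*s)) {
            value = value * 10 + (*s++ - '0');
            if (++digits > 3 || value > 255) return 0;
        }
        if (digits == 0) return 0;
        parts++;
        if (*s == '.') { if (*++s == '\0') return 0; }
        else if (*s != '\0') return 0;
    }
    return parts == 4;
}

/* Case-insensitive string equality (DNS names are case-insensitive). */
static int eq_nocase(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++; b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Permissive matcher: a leading "*." stands for any single leftmost label,
 * with no check of whether the peer identity is a hostname or an IP. */
static int wildcard_match(const char *pattern, const char *host) {
    if (strncmp(pattern, "*.", 2) != 0) return eq_nocase(pattern, host);
    const char *rest = strchr(host, '.');
    return rest != NULL && rest != host && eq_nocase(pattern + 1, rest);
}

/* Hardened matcher: an IP address identity only matches exactly. */
static int strict_match(const char *pattern, const char *host) {
    if (is_ipv4_literal(host)) return strcmp(pattern, host) == 0;
    return wildcard_match(pattern, host);
}

int main(void) {
    const char *cn = "*.0.0.1", *ip = "10.0.0.1"; /* constructed sample values */
    printf("permissive: %d\n", wildcard_match(cn, ip));
    printf("strict:     %d\n", strict_match(cn, ip));
    return 0;
}
```
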


Upgrade instructions
--------------------

If you don't use pinning (see [1]), you have to update the packages
manually via "apt-get -t lenny-backports install <packagelist>", where
<packagelist> lists your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions>

We recommend pinning the backports repository to 200 (in
/etc/apt/preferences) so that new versions of installed backports will be
installed automatically.

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200
