BSA-009 Security Update for nss

Alexander Reichle-Schmehl uploaded new packages for nss which fix the
following security problems:

CVE-2010-3170

  NSS recognizes a wildcard IP address in the subject's Common
  Name field of an X.509 certificate, which might allow
  man-in-the-middle attackers to spoof arbitrary SSL servers via
  a crafted certificate issued by a legitimate Certification
  Authority.

CVE-2010-3173

  NSS does not properly set the minimum key length for
  Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
  remote attackers to defeat cryptographic protection mechanisms
  via a brute-force attack.

For the lenny-backports distribution the problems have been fixed in
version 3.12.8-1~bpo50+1.
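
To illustrate the matching rule behind CVE-2010-3170, the following is an added example (not NSS code and not part of the original advisory): a naive wildcard matcher beside a stricter one that accepts an IP address only as an exact literal. The function names, the sample names and the address are constructed for illustration.

```c
#include <arpa/inet.h>   /* inet_pton (POSIX) */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

static bool ci_equal(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == *b;   /* equal only if both strings ended together */
}

/* True if s parses as an IPv4 or IPv6 address literal. */
static bool is_ip_literal(const char *s) {
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Flawed matcher: "*." stands for any first label, even when the
 * reference identity is an IP address rather than a DNS name. */
bool naive_match(const char *pattern, const char *host) {
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && ci_equal(pattern + 1, dot);
    }
    return ci_equal(pattern, host);
}

/* Hardened matcher: an IP address matches only textually; a wildcard must be
 * the whole left-most label and leave at least two literal labels after it. */
bool strict_match(const char *pattern, const char *host) {
    if (is_ip_literal(host))
        return strcmp(pattern, host) == 0;
    if (strchr(pattern, '*') == NULL)
        return ci_equal(pattern, host);
    if (strncmp(pattern, "*.", 2) != 0 || strchr(pattern + 2, '*') != NULL)
        return false;
    if (strchr(pattern + 2, '.') == NULL)   /* rejects "*.org" */
        return false;
    return naive_match(pattern, host);
}

int main(void) {
    /* Constructed inputs; 192.0.2.10 is a documentation address. */
    printf("naive:  %d\n", naive_match("*.0.2.10", "192.0.2.10"));
    printf("strict: %d\n", strict_match("*.0.2.10", "192.0.2.10"));
    return 0;
}
```
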

Upgrade instructions
--------------------

If you don't use pinning (see [1]), you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>", where
<packagelist> is the list of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions>

We recommend pinning the backports repository to 200 (in
/etc/apt/preferences) so that new versions of installed backports will be
installed automatically:

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200