Get the LinuxSecurity news you want faster with RSS
Powered By
Debian: 2339-1: nss: Multiple vulnerabilities
Posted by Benjamin D. Thomas
This update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority. More information can be found in the Mozilla Security Blog: http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/ [More...]
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2339-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 07, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : nss
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-3640
Debian Bug : 647614
This update to the NSS cryptographic libraries revokes the trust in the
"DigiCert Sdn. Bhd" certificate authority. More information can be found
in the Mozilla Security Blog:
http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/
This update also fixes an insecure load path for pkcs11.txt configuration
file (CVE-2011-3640).
For the oldstable distribution (lenny), this problem has been fixed in
version 3.12.3.1-0lenny7.
For the stable distribution (squeeze), this problem has been fixed in
version 3.12.8-1+squeeze4.
For the unstable distribution (sid), this problem has been fixed in
version 3.13.1.with.ckbi.1.88-1.
We recommend that you upgrade your nss packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
