-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:189
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : nss
Date : September 25, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in Mozilla NSS:
Antoine Delignat-Lavaud, security researcher at Inria Paris in
team Prosecco, reported an issue in Network Security Services (NSS)
libraries affecting all versions. He discovered that NSS is vulnerable
to a variant of a signature forgery attack previously published
by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1
values involved in a signature and could lead to the forging of RSA
certificates (CVE-2014-1568).
The updated NSPR packages h