[ MDVSA-2014:189 ] nss

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:189
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nss
 Date    : September 25, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in Mozilla NSS:
 
 Antoine Delignat-Lavaud, security researcher at Inria Paris in
 team Prosecco, reported an issue in Network Security Services (NSS)
 libraries affecting all versions. He discovered that NSS is vulnerable
 to a variant of a signature forgery attack previously published
 by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1
 values involved in a signature and could lead to the forging of RSA
 certificates (CVE-2014-1568).
 
 The updated NSPR packages h

Leave a Reply