-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:059
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nss
 Date    : March 13, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in the Mozilla
 NSS and NSPR packages:
 
 The cert_TestHostName function in lib/certdb/certdb.c in the
 certificate-checking implementation in Mozilla Network Security
 Services (NSS) before 3.16 accepts a wildcard character that is
 embedded in an internationalized domain name's U-label, which might
 allow man-in-the-middle attackers to spoof SSL servers via a crafted
 certificate (CVE-2014-1492).
 
 Use-after-free vulnerability in the CERT_DestroyCertificate function
 in li