Package : nss
Vulnerability : several
Problem type : remote
CVE Id(s) : CVE-2010-3170 CVE-2010-3173
Several vulnerabilities have been discovered in Mozilla's Network
Security Services (NSS) library. The Common Vulnerabilities and
Exposures project identifies the following problems:
NSS recognizes a wildcard IP address in the subject's Common
Name field of an X.509 certificate, which might allow
man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification
NSS does not properly set the minimum key length for
Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms
via a brute-force attack.
For the stable distribution (lenny), these problems have been fixed in
For the unstable distribution (sid) and the upcoming stable
distribution (squeeze), these problems have been fixed in version
We recommend that you upgrade your NSS packages.
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
will update the internal database
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny