Test Kennung:	1.3.6.1.4.1.25623.1.0.64842
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:197-2 (nss)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to nss announced via advisory MDVSA-2009:197-2. Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update: This update also provides fixed packages for Mandriva Linux 2008.1 and fixes mozilla-thunderbird error messages. Affected: 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-2 CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2408 Debian Security Information: DSA-1874 (Google Search) http://www.debian.org/security/2009/dsa-1874 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 http://isc.sans.org/diary.html?storyid=7003 http://www.wired.com/threatlevel/2009/07/kaminsky/ http://marc.info/?l=oss-security&m=125198917018936&w=2 http://osvdb.org/56723 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 http://www.redhat.com/support/errata/RHSA-2009-1207.html http://www.redhat.com/support/errata/RHSA-2009-1432.html http://www.securitytracker.com/id?1022632 http://secunia.com/advisories/36088 http://secunia.com/advisories/36125 http://secunia.com/advisories/36139 http://secunia.com/advisories/36157 http://secunia.com/advisories/36434 http://secunia.com/advisories/36669 http://secunia.com/advisories/37098 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 SuSE Security Announcement: SUSE-SA:2009:048 (Google Search) http://www.novell.com/linux/security/advisories/2009_48_firefox.html SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://www.ubuntu.com/usn/usn-810-1 https://usn.ubuntu.com/810-2/ http://www.vupen.com/english/advisories/2009/2085 http://www.vupen.com/english/advisories/2009/3184 Common Vulnerability Exposure (CVE) ID: CVE-2009-2409 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html Bugtraq: 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console (Google Search) http://www.securityfocus.com/archive/1/515055/100/0/threaded Debian Security Information: DSA-1888 (Google Search) https://www.debian.org/security/2009/dsa-1888 http://security.gentoo.org/glsa/glsa-200911-02.xml http://security.gentoo.org/glsa/glsa-200912-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594 RedHat Security Advisories: RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html http://www.securitytracker.com/id?1022631 http://secunia.com/advisories/36739 http://secunia.com/advisories/37386 http://secunia.com/advisories/42467 http://www.vupen.com/english/advisories/2010/3126 Common Vulnerability Exposure (CVE) ID: CVE-2009-2404 BugTraq ID: 35891 http://www.securityfocus.com/bid/35891 Cert/CC Advisory: TA10-103B http://www.us-cert.gov/cas/techalerts/TA10-103B.html http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658 RedHat Security Advisories: RHSA-2009:1185 http://rhn.redhat.com/errata/RHSA-2009-1185.html http://secunia.com/advisories/36102 http://secunia.com/advisories/39428 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.