Several vulnerabilities have been discovered in Mozilla's Network Security Services (NSS) library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution (lenny), these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages.
Several vulnerabilities have been discovered in Mozilla's Network Security Services (NSS) library. The Common Vulnerabilities and Exposures project identifies the following problems:
NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
For the stable distribution (lenny), these problems have been fixed in version 3.12.3.1-0lenny2.
For the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 3.12.8-1.
We recommend that you upgrade your NSS packages.
MD5 checksums of the listed files are available in the original advisory.