Debian Security Advisory
DSA-2599-1 nss -- mis-issued intermediates
- Date Reported:
- 06 Jan 2013
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-0743.
- More information:
Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate CAs. The two existing TurkTrust root CAs remain active.
For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze6.
For the testing distribution (wheezy), this problem has been fixed in version 2:3.13.6-2.
For the unstable distribution (sid), this problem has been fixed in version 2:3.14.1.with.ckbi.1.93-1.
We recommend that you upgrade your nss packages.