Security Information / 2011 / Security Information -- DSA-2339-1 nss

Debian Security Advisory

DSA-2339-1 nss -- several vulnerabilities

Date Reported:

07 Nov 2011

Affected Packages:

nss

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 647614.
In Mitre's CVE dictionary: CVE-2011-3640.

More information:

This update to the NSS cryptographic libraries revokes the trust in the DigiCert Sdn. Bhd certificate authority. More information can be found in the Mozilla Security Blog.

This update also fixes an insecure load path for pkcs11.txt configuration file (CVE-2011-3640).

For the oldstable distribution (lenny), this problem has been fixed in version 3.12.3.1-0lenny7.

For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze4.

For the unstable distribution (sid), this problem has been fixed in version 3.13.1.with.ckbi.1.88-1.

We recommend that you upgrade your nss packages.