Mandriva Linux Security Advisory : rootcerts (MDVSA-2010:032)

high Nessus Plugin ID 44396

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

It was brought to our attention by Ludwig Nussel at SUSE the md5 collision certificate should not be included. This update removes the offending certificate.

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

The mozilla nss library has consequently been rebuilt to pickup these changes and are also being provided.

Solution

Update the affected packages.

See Also

http://www.phreedom.org/research/rogue-ca/

Plugin Details

Severity: High

ID: 44396

File Name: mandriva_MDVSA-2010-032.nasl

Version: 1.12

Type: local

Published: 2/5/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64nss-devel, p-cpe:/a:mandriva:linux:lib64nss-static-devel, p-cpe:/a:mandriva:linux:lib64nss3, p-cpe:/a:mandriva:linux:libnss-devel, p-cpe:/a:mandriva:linux:libnss-static-devel, p-cpe:/a:mandriva:linux:libnss3, p-cpe:/a:mandriva:linux:nss, p-cpe:/a:mandriva:linux:rootcerts, p-cpe:/a:mandriva:linux:rootcerts-java, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2009.1, cpe:/o:mandriva:linux:2010.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2/4/2010

Reference Information

MDVSA: 2010:032