Detections
Analytics
Mandriva Linux Security Advisory : rootcerts (MDVSA-2013:003)
high Nessus Plugin ID 63464
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743).The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes.
Solution
Update the affected packages.See Also
http://www.mozilla.org/security/announce/2013/mfsa2013-20.html
Plugin Details
Severity: High
ID: 63464
File Name: mandriva_MDVSA-2013-003.nasl
Version: 1.11
Type: local
Family: Mandriva Local Security Checks
Published: 1/10/2013
Updated: 1/6/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:rootcerts-java, cpe:/o:mandriva:linux:2011, p-cpe:/a:mandriva:linux:lib64nss-devel, p-cpe:/a:mandriva:linux:lib64nss-static-devel, p-cpe:/a:mandriva:linux:lib64nss3, p-cpe:/a:mandriva:linux:libnss-devel, p-cpe:/a:mandriva:linux:libnss-static-devel, p-cpe:/a:mandriva:linux:libnss3, p-cpe:/a:mandriva:linux:nss, p-cpe:/a:mandriva:linux:rootcerts
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 1/9/2013
Reference Information
MDVSA: 2013:003