Mandrake Security Advisory MDVSA-2009:197-2 (nss)

The remote host is missing an update to nss announced via advisory MDVSA-2009:197-2.
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update: This update also provides fixed packages for Mandriva Linux 2008.1 and fixes mozilla-thunderbird error messages. Affected: 2008.1