Mandriva Update For Rootcerts MDVSA-2013:003 (rootcerts) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle (MITM) traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates (CVE-2013-0743). The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes.

Affected

rootcerts on Mandriva Linux 2011.0

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:045 (php)
Mandrake Security Advisory MDVSA-2009:057 (valgrind)
Mandrake Security Advisory MDVSA-2009:153 (dhcp)
Mandrake Security Advisory MDVSA-2009:150 (libtiff)
Mandrake Security Advisory MDVSA-2009:121 (lcms)

Mandriva Update for rootcerts MDVSA-2013:003 (rootcerts)

Take action and discover your vulnerabilities