Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2009-1184

Опубликовано: 30 июл. 2009
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2009-1184: nspr and nss security and bug fix update (CRITICAL)

nspr:

[4.7.4-1.el5_3.1]

  • create z-stream version

[4.7.4-1]

  • Update to NSPR 4.7.4

nss:

[3.12.3.99.3-1.el5_3.2]

  • adjust ssl cipher count constant (bug 505650)

[3.12.3.99.3-1.el5_3.1]

  • create z-stream version

[3.12.3.99.3-1]

  • updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75

[3.12.3-5]

  • updated patch to seckey

[3.12.3-4]

  • add a patch to seckey

[3.12.3-3]

  • remove references to SEED

[3.12.3-2]

  • update to NSS 3.12.3

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

nspr

4.7.4-1.el5_3.1

nspr-devel

4.7.4-1.el5_3.1

nss

3.12.3.99.3-1.el5_3.2

nss-devel

3.12.3.99.3-1.el5_3.2

nss-pkcs11-devel

3.12.3.99.3-1.el5_3.2

nss-tools

3.12.3.99.3-1.el5_3.2

Oracle Linux x86_64

nspr

4.7.4-1.el5_3.1

nspr-devel

4.7.4-1.el5_3.1

nss

3.12.3.99.3-1.el5_3.2

nss-devel

3.12.3.99.3-1.el5_3.2

nss-pkcs11-devel

3.12.3.99.3-1.el5_3.2

nss-tools

3.12.3.99.3-1.el5_3.2

Oracle Linux i386

nspr

4.7.4-1.el5_3.1

nspr-devel

4.7.4-1.el5_3.1

nss

3.12.3.99.3-1.el5_3.2

nss-devel

3.12.3.99.3-1.el5_3.2

nss-pkcs11-devel

3.12.3.99.3-1.el5_3.2

nss-tools

3.12.3.99.3-1.el5_3.2

Связанные CVE

CVE-2009-2408
CVE-2009-2409
CVE-2009-2404

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2009-1186

oracle-oval
почти 16 лет назад

ELSA-2009-1186: nspr and nss security, bug fix, and enhancement update (CRITICAL)

ubuntu логотип

CVE-2009-2408

CVSS3: 5.9
ubuntu
почти 16 лет назад

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

redhat логотип

CVE-2009-2408

redhat
почти 16 лет назад

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

nvd логотип

CVE-2009-2408

CVSS3: 5.9
nvd
почти 16 лет назад

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

debian логотип

CVE-2009-2408

CVSS3: 5.9
debian
почти 16 лет назад

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...