Users of Network Security Services (NSS), please be advised that a security update has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).
Amplify’d from www.criticalwatch.com
RHSA-2010:0862-02: Low: nss security update
Product: Red Hat Enterprise Linux
Description:
Network Security Services (NSS) is a set of libraries designed to support
the development of security-enabled client and server applications.
A flaw was found in the way NSS matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. NSS incorrectly accepted connections to IP addresses that fell
within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.
(CVE-2010-3170)
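The matching flaw described above, as an added example (not code from NSS or from the advisory): `naive_match` is a simplified model of a matcher that applies wildcards to IP addresses, and `strict_match` shows the corrected rule. The function names and the 192.0.2.x sample values are constructed for illustration.

```python
import ipaddress

def is_ip_literal(name):
    """True if name parses as a complete IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def naive_match(pattern, host):
    """Simplified model of the flaw: '*' matches any label,
    and no distinction is made between DNS names and IP addresses."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(a == "*" or a == b for a, b in zip(p, h))

def strict_match(pattern, host):
    """Hardened rule: an IP address only matches an identical IP address;
    wildcards are honoured only for DNS names."""
    pattern, host = pattern.lower(), host.lower()
    if is_ip_literal(host):
        # Never expand a wildcard against an IP address. (RFC 2818 goes
        # further and requires an exact iPAddress subjectAltName match.)
        return (is_ip_literal(pattern)
                and ipaddress.ip_address(pattern) == ipaddress.ip_address(host))
    if "*" not in pattern:
        return pattern == host
    p, h = pattern.split("."), host.split(".")
    # Wildcard must be the whole left-most label, with at least two
    # fixed labels after it (rejects '*.com' and 'www.*.com').
    if p[0] != "*" or "*" in ".".join(p[1:]) or len(p) < 3:
        return False
    return len(p) == len(h) and h[0] != "" and p[1:] == h[1:]

if __name__ == "__main__":
    # Constructed sample: certificate Common Name vs. address being connected to.
    for cn, target in [("192.0.2.*", "192.0.2.77"),
                       ("*.0.2.77", "192.0.2.77"),
                       ("192.0.2.77", "192.0.2.77"),
                       ("*.example.com", "www.example.com")]:
        print(f"{cn!r:18} vs {target!r:18} "
              f"naive={naive_match(cn, target)} strict={strict_match(cn, target)}")
```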