Debian Security Advisory DSA 2123-1 (nss)

The remote host is missing an update to nss announced via advisory DSA 2123-1.

Several vulnerabilities have been discovered in Mozilla's Network Security Services (NSS) library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution (lenny), these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202123-1