-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2300-2 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst September 5, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nss Vulnerability : comprimised certificate authority Problem type : local(remote) Debian-specific: no CVE ID : not available Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries. As a result from further understanding of the incident, this update to DSA 2300 disables additional DigiNotar issuing certificates. For the oldstable distribution (lenny), this problem has been fixed in version 3.12.3.1-0lenny6. For the stable distribution (squeeze), this problem has been fixed in version 3.12.8-1+squeeze3. For the unstable distribution (sid), this problem has been fixed in version 3.12.11-2. We recommend that you upgrade your nss packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJOZS2IAAoJEOxfUAG2iX57ZUkIAKyhYPcOl5O9GLakYFxoQrWE UtP3q6Y0Of1Qw+7e+WLNnuuWL0atn8gMxebJvVIdSvwnyR2maWFfjU4nAIZW9g6r ETXuRXXOyGfZbQf8uxJZmVDwKout5kafCtbQB75hsUcSCA9T4okpaM7SQLjFULB0 45Q9tjKU/e6QE6kezKKkpj9Mm3wE3zAfL6wnD5HwBYfUN6U6K2a2T0AIBFheMtIo jzHB3/WajYQbUG1CCQwfbrPSQcvER9PsirK02n3IBywdzDdWUGAzqyyM8mBIjC4X lS/PqWifwaO62kz1OK3y6EAtgdR+NQNNKszuWgKoS6jhUMaH67NrFsoYmyXhkqo= =OP2H -----END PGP SIGNATURE-----