rhsa-2009_1190
Vulnerability from csaf_redhat
Published
2009-07-31 14:26
Modified
2024-11-05 17:07
Summary
Red Hat Security Advisory: nspr and nss security and bug fix update
Notes
Topic
Updated nspr and nss packages that fix security issues and bugs are now
available for Red Hat Enterprise Linux 4.7 Extended Update Support.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities. These facilities include threads, thread
synchronization, normal file and network I/O, interval timing, calendar
time, basic memory management (malloc and free), and shared library linking.
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSLv2, SSLv3, TLS,
and other security standards.
These updated packages upgrade NSS from the previous version, 3.12.2, to a
prerelease of version 3.12.4. The version of NSPR has also been upgraded
from 4.7.3 to 4.7.4.
Moxie Marlinspike reported a heap overflow flaw in a regular expression
parser in the NSS library used by browsers such as Mozilla Firefox to match
common names in certificates. A malicious website could present a
carefully-crafted certificate in such a way as to trigger the heap
overflow, leading to a crash or, possibly, arbitrary code execution with
the permissions of the user running the browser. (CVE-2009-2404)
Note: in order to exploit this issue without further user interaction in
Firefox, the carefully-crafted certificate would need to be signed by a
Certificate Authority trusted by Firefox, otherwise Firefox presents the
victim with a warning that the certificate is untrusted. Only if the user
then accepts the certificate will the overflow take place.
Dan Kaminsky discovered flaws in the way browsers such as Firefox handle
NULL characters in a certificate. If an attacker is able to get a
carefully-crafted certificate signed by a Certificate Authority trusted by
Firefox, the attacker could use the certificate during a man-in-the-middle
attack and potentially confuse Firefox into accepting it by mistake.
(CVE-2009-2408)
Dan Kaminsky found that browsers still accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser. NSS
now disables the use of MD2 and MD4 algorithms inside signatures by
default. (CVE-2009-2409)
These version upgrades also provide fixes for the following bugs:
* SSL client authentication failed against an Apache server when it was
using the mod_nss module and configured for NSSOCSP. On the client side,
the user agent received an error message that referenced "Error Code:
-12271" and stated that establishing an encrypted connection had failed
because the certificate had been rejected by the host.
On the server side, the nss_error_log under /var/log/httpd/ contained the
following message:
[error] Re-negotiation handshake failed: Not accepted by client!?
Also, /var/log/httpd/error_log contained this error:
SSL Library Error: -8071 The OCSP server experienced an internal error
With these updated packages, the dependency problem which caused this
failure has been resolved so that SSL client authentication with an
Apache web server using mod_nss which is configured for NSSOCSP succeeds
as expected. Note that if the presented client certificate is expired,
then access is denied, the user agent is presented with an error message
about the invalid certificate, and the OCSP queries are seen in the OCSP
responder. Also, similar OCSP status verification happens for SSL server
certificates used in Apache upon instance start or restart. (BZ#508026)
* NSS uses a software integrity test to detect code corruption. RPM
transactions and system link optimization daemons (such as prelink) can
change the contents of libraries, causing the software integrity test to
fail. In combination with the updated prelink package (RHBA-2009:1041),
these updated packages can now prevent software integrity test failures.
(BZ#495938)
All users of nspr and nss are advised to upgrade to these updated packages,
which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated nspr and nss packages that fix security issues and bugs are now\navailable for Red Hat Enterprise Linux 4.7 Extended Update Support.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nThese version upgrades also provide fixes for the following bugs:\n\n* SSL client authentication failed against an Apache server when it was \nusing the mod_nss module and configured for NSSOCSP. On the client side,\nthe user agent received an error message that referenced \"Error Code:\n-12271\" and stated that establishing an encrypted connection had failed\nbecause the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained the\nfollowing message:\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error:\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this\nfailure has been resolved so that SSL client authentication with an\nApache web server using mod_nss which is configured for NSSOCSP succeeds\nas expected. Note that if the presented client certificate is expired,\nthen access is denied, the user agent is presented with an error message\nabout the invalid certificate, and the OCSP queries are seen in the OCSP\nresponder. Also, similar OCSP status verification happens for SSL server\ncertificates used in Apache upon instance start or restart. (BZ#508026)\n\n* NSS uses a software integrity test to detect code corruption. RPM\ntransactions and system link optimization daemons (such as prelink) can\nchange the contents of libraries, causing the software integrity test to\nfail. In combination with the updated prelink package (RHBA-2009:1041),\nthese updated packages can now prevent software integrity test failures.\n(BZ#495938)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1190", "url": "https://access.redhat.com/errata/RHSA-2009:1190" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#critical", "url": "http://www.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "495938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495938" }, { "category": "external", "summary": "508026", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=508026" }, { "category": "external", "summary": "510197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510197" }, { "category": "external", "summary": "510251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" }, { "category": "external", "summary": "512912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1190.json" } ], "title": "Red Hat Security Advisory: nspr and nss security and bug fix update", "tracking": { "current_release_date": "2024-11-05T17:07:31+00:00", "generator": { "date": "2024-11-05T17:07:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2009:1190", "initial_release_date": "2009-07-31T14:26:00+00:00", "revision_history": [ { "date": "2009-07-31T14:26:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-07-31T10:31:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:07:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS EUS (v. 4.7)", "product": { "name": "Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:4.7::as" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES EUS (v. 4.7)", "product": { "name": "Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:4.7::es" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el4_7.1.ia64", "product": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.ia64", "product_id": "nspr-devel-0:4.7.4-1.el4_7.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el4_7.1?arch=ia64" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "product_id": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el4_7.1?arch=ia64" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el4_7.1.ia64", "product": { "name": "nspr-0:4.7.4-1.el4_7.1.ia64", "product_id": "nspr-0:4.7.4-1.el4_7.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el4_7.1?arch=ia64" } } }, { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el4_7.6.ia64", "product": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ia64", "product_id": "nss-0:3.12.3.99.3-1.el4_7.6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el4_7.6?arch=ia64" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "product_id": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el4_7.6?arch=ia64" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el4_7.6?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "product_id": "nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el4_7.1?arch=i386" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el4_7.1.i386", "product": { "name": "nspr-0:4.7.4-1.el4_7.1.i386", "product_id": "nspr-0:4.7.4-1.el4_7.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el4_7.1?arch=i386" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el4_7.1.i386", "product": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.i386", "product_id": "nspr-devel-0:4.7.4-1.el4_7.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el4_7.1?arch=i386" } } }, { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el4_7.6.i386", "product": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.i386", "product_id": "nss-0:3.12.3.99.3-1.el4_7.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el4_7.6?arch=i386" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el4_7.6?arch=i386" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "product_id": "nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el4_7.6?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "product": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "product_id": "nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el4_7.1?arch=x86_64" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "product_id": "nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el4_7.1?arch=x86_64" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el4_7.1.x86_64", "product": { "name": "nspr-0:4.7.4-1.el4_7.1.x86_64", "product_id": "nspr-0:4.7.4-1.el4_7.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el4_7.1?arch=x86_64" } } }, { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "product": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "product_id": "nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el4_7.6?arch=x86_64" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "product_id": "nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el4_7.6?arch=x86_64" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el4_7.6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "nspr-0:4.7.4-1.el4_7.1.src", "product": { "name": "nspr-0:4.7.4-1.el4_7.1.src", "product_id": "nspr-0:4.7.4-1.el4_7.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el4_7.1?arch=src" } } }, { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el4_7.6.src", "product": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.src", "product_id": "nss-0:3.12.3.99.3-1.el4_7.6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el4_7.6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el4_7.1.ppc", "product": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.ppc", "product_id": "nspr-devel-0:4.7.4-1.el4_7.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el4_7.1?arch=ppc" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "product_id": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el4_7.1?arch=ppc" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el4_7.1.ppc", "product": { "name": "nspr-0:4.7.4-1.el4_7.1.ppc", "product_id": "nspr-0:4.7.4-1.el4_7.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el4_7.1?arch=ppc" } } }, { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el4_7.6.ppc", "product": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ppc", "product_id": "nss-0:3.12.3.99.3-1.el4_7.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el4_7.6?arch=ppc" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "product_id": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el4_7.6?arch=ppc" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el4_7.6?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "product_id": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el4_7.1?arch=ppc64" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el4_7.1.ppc64", "product": { "name": "nspr-0:4.7.4-1.el4_7.1.ppc64", "product_id": "nspr-0:4.7.4-1.el4_7.1.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el4_7.1?arch=ppc64" } } }, { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "product": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "product_id": "nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el4_7.6?arch=ppc64" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el4_7.6?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el4_7.1.s390x", "product": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.s390x", "product_id": "nspr-devel-0:4.7.4-1.el4_7.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el4_7.1?arch=s390x" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "product_id": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el4_7.1?arch=s390x" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el4_7.1.s390x", "product": { "name": "nspr-0:4.7.4-1.el4_7.1.s390x", "product_id": "nspr-0:4.7.4-1.el4_7.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el4_7.1?arch=s390x" } } }, { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el4_7.6.s390x", "product": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.s390x", "product_id": "nss-0:3.12.3.99.3-1.el4_7.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el4_7.6?arch=s390x" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "product_id": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el4_7.6?arch=s390x" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el4_7.6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "product_id": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el4_7.1?arch=s390" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el4_7.1.s390", "product": { "name": "nspr-0:4.7.4-1.el4_7.1.s390", "product_id": "nspr-0:4.7.4-1.el4_7.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el4_7.1?arch=s390" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el4_7.1.s390", "product": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.s390", "product_id": "nspr-devel-0:4.7.4-1.el4_7.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el4_7.1?arch=s390" } } }, { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el4_7.6.s390", "product": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.s390", "product_id": "nss-0:3.12.3.99.3-1.el4_7.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el4_7.6?arch=s390" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el4_7.6?arch=s390" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "product_id": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el4_7.6?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.i386", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.ia64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.ppc", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.ppc64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.ppc64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.s390", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.s390x", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.src as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.src", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.x86_64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.i386", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.ia64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.ppc", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.s390", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.s390x", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.i386", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.ia64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.ppc", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ppc64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.s390", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.s390x", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.src as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.src", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.i386 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64 as a component of Red Hat Enterprise Linux AS EUS (v. 4.7)", "product_id": "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "relates_to_product_reference": "4AS-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.i386", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.ia64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.ppc", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.ppc64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.ppc64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.s390", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.s390x", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.src as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.src", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el4_7.1.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64" }, "product_reference": "nspr-0:4.7.4-1.el4_7.1.x86_64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.i386", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.ia64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.ppc", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.s390", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.s390x", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el4_7.1.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64" }, "product_reference": "nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.i386", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.ia64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.ppc", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.ppc64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.s390", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.s390x", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.src as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.src", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el4_7.6.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64" }, "product_reference": "nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.i386 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "relates_to_product_reference": "4ES-4.7.z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64 as a component of Red Hat Enterprise Linux ES EUS (v. 4.7)", "product_id": "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "relates_to_product_reference": "4ES-4.7.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-2404", "discovery_date": "2009-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512912" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.", "title": "Vulnerability description" }, { "category": "summary", "text": "nss regexp heap overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2404" }, { "category": "external", "summary": "RHBZ#512912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2404", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2404" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2404", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2404" } ], "release_date": "2009-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-31T14:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1190" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "nss regexp heap overflow" }, { "cve": "CVE-2009-2408", "discovery_date": "2009-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "510251" } ], "notes": [ { "category": "description", "text": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox/nss: doesn\u0027t handle NULL in Common Name properly", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2408" }, { "category": "external", "summary": "RHBZ#510251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2408", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2408", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2408" } ], "release_date": "2009-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-31T14:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1190" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox/nss: doesn\u0027t handle NULL in Common Name properly" }, { "cve": "CVE-2009-2409", "discovery_date": "2009-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "510197" } ], "notes": [ { "category": "description", "text": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.", "title": "Vulnerability description" }, { "category": "summary", "text": "deprecate MD2 in SSL cert validation (Kaminsky)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2409" }, { "category": "external", "summary": "RHBZ#510197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2409", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2409", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2409" } ], "release_date": "2009-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-07-31T14:26:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1190" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4AS-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4AS-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4AS-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4AS-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.src", "4ES-4.7.z:nspr-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.ppc64", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-debuginfo-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.i386", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ia64", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.ppc", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.s390x", "4ES-4.7.z:nspr-devel-0:4.7.4-1.el4_7.1.x86_64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.src", "4ES-4.7.z:nss-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.ppc64", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-debuginfo-0:3.12.3.99.3-1.el4_7.6.x86_64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.i386", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ia64", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.ppc", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.s390x", "4ES-4.7.z:nss-devel-0:3.12.3.99.3-1.el4_7.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "deprecate MD2 in SSL cert validation (Kaminsky)" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.