rhsa-2009_1207
Vulnerability from csaf_redhat
Published
2009-08-12 14:31
Modified
2024-11-05 17:08
Summary
Red Hat Security Advisory: nspr and nss security update
Notes
Topic
Updated nspr and nss packages that fix security issues are now available
for Red Hat Enterprise Linux 5.2 Extended Update Support.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities. These facilities include threads, thread
synchronization, normal file and network I/O, interval timing, calendar
time, basic memory management (malloc and free), and shared library linking.
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSLv2, SSLv3, TLS,
and other security standards.
These updated packages upgrade NSS from the previous version, 3.12.2, to a
prerelease of version 3.12.4. The version of NSPR has also been upgraded
from 4.7.3 to 4.7.4.
Moxie Marlinspike reported a heap overflow flaw in a regular expression
parser in the NSS library used by browsers such as Mozilla Firefox to match
common names in certificates. A malicious website could present a
carefully-crafted certificate in such a way as to trigger the heap
overflow, leading to a crash or, possibly, arbitrary code execution with
the permissions of the user running the browser. (CVE-2009-2404)
Note: in order to exploit this issue without further user interaction in
Firefox, the carefully-crafted certificate would need to be signed by a
Certificate Authority trusted by Firefox, otherwise Firefox presents the
victim with a warning that the certificate is untrusted. Only if the user
then accepts the certificate will the overflow take place.
Dan Kaminsky discovered flaws in the way browsers such as Firefox handle
NULL characters in a certificate. If an attacker is able to get a
carefully-crafted certificate signed by a Certificate Authority trusted by
Firefox, the attacker could use the certificate during a man-in-the-middle
attack and potentially confuse Firefox into accepting it by mistake.
(CVE-2009-2408)
Dan Kaminsky found that browsers still accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser. NSS
now disables the use of MD2 and MD4 algorithms inside signatures by
default. (CVE-2009-2409)
All users of nspr and nss are advised to upgrade to these updated packages,
which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated nspr and nss packages that fix security issues are now available\nfor Red Hat Enterprise Linux 5.2 Extended Update Support.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1207", "url": "https://access.redhat.com/errata/RHSA-2009:1207" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#critical", "url": "http://www.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "510197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510197" }, { "category": "external", "summary": "510251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" }, { "category": "external", "summary": "512912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1207.json" } ], "title": "Red Hat Security Advisory: nspr and nss security update", "tracking": { "current_release_date": "2024-11-05T17:08:03+00:00", "generator": { "date": "2024-11-05T17:08:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2009:1207", "initial_release_date": "2009-08-12T14:31:00+00:00", "revision_history": [ { "date": "2009-08-12T14:31:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-08-12T10:31:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:08:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux EUS (v. 5.2 server)", "product": { "name": "Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:rhel_eus:5.2" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el5_2.ia64", "product": { "name": "nss-0:3.12.3.99.3-1.el5_2.ia64", "product_id": "nss-0:3.12.3.99.3-1.el5_2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el5_2?arch=ia64" } } }, { "category": "product_version", "name": "nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "product": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "product_id": "nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-tools@3.12.3.99.3-1.el5_2?arch=ia64" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "product_id": "nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el5_2?arch=ia64" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el5_2?arch=ia64" } } }, { "category": "product_version", "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "product": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "product_id": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.12.3.99.3-1.el5_2?arch=ia64" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el5_2.ia64", "product": { "name": "nspr-devel-0:4.7.4-1.el5_2.ia64", "product_id": "nspr-devel-0:4.7.4-1.el5_2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el5_2?arch=ia64" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "product_id": "nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el5_2?arch=ia64" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el5_2.ia64", "product": { "name": "nspr-0:4.7.4-1.el5_2.ia64", "product_id": "nspr-0:4.7.4-1.el5_2.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el5_2?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el5_2.i386", "product": { "name": "nss-0:3.12.3.99.3-1.el5_2.i386", "product_id": "nss-0:3.12.3.99.3-1.el5_2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el5_2?arch=i386" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el5_2?arch=i386" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el5_2.i386", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.i386", "product_id": "nss-devel-0:3.12.3.99.3-1.el5_2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el5_2?arch=i386" } } }, { "category": "product_version", "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "product": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "product_id": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.12.3.99.3-1.el5_2?arch=i386" } } }, { "category": "product_version", "name": "nss-tools-0:3.12.3.99.3-1.el5_2.i386", "product": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.i386", "product_id": "nss-tools-0:3.12.3.99.3-1.el5_2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-tools@3.12.3.99.3-1.el5_2?arch=i386" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el5_2.i386", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.i386", "product_id": "nspr-debuginfo-0:4.7.4-1.el5_2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el5_2?arch=i386" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el5_2.i386", "product": { "name": "nspr-0:4.7.4-1.el5_2.i386", "product_id": "nspr-0:4.7.4-1.el5_2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el5_2?arch=i386" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el5_2.i386", "product": { "name": "nspr-devel-0:4.7.4-1.el5_2.i386", "product_id": "nspr-devel-0:4.7.4-1.el5_2.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el5_2?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el5_2.ppc64", "product": { "name": "nss-0:3.12.3.99.3-1.el5_2.ppc64", "product_id": "nss-0:3.12.3.99.3-1.el5_2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el5_2?arch=ppc64" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "product_id": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el5_2?arch=ppc64" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el5_2?arch=ppc64" } } }, { "category": "product_version", "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "product": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "product_id": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.12.3.99.3-1.el5_2?arch=ppc64" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el5_2.ppc64", "product": { "name": "nspr-devel-0:4.7.4-1.el5_2.ppc64", "product_id": "nspr-devel-0:4.7.4-1.el5_2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el5_2?arch=ppc64" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "product_id": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el5_2?arch=ppc64" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el5_2.ppc64", "product": { "name": "nspr-0:4.7.4-1.el5_2.ppc64", "product_id": "nspr-0:4.7.4-1.el5_2.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el5_2?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el5_2.ppc", "product": { "name": "nss-0:3.12.3.99.3-1.el5_2.ppc", "product_id": "nss-0:3.12.3.99.3-1.el5_2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el5_2?arch=ppc" } } }, { "category": "product_version", "name": "nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "product": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "product_id": "nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-tools@3.12.3.99.3-1.el5_2?arch=ppc" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "product_id": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el5_2?arch=ppc" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el5_2?arch=ppc" } } }, { "category": "product_version", "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "product": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "product_id": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.12.3.99.3-1.el5_2?arch=ppc" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el5_2.ppc", "product": { "name": "nspr-devel-0:4.7.4-1.el5_2.ppc", "product_id": "nspr-devel-0:4.7.4-1.el5_2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el5_2?arch=ppc" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "product_id": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el5_2?arch=ppc" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el5_2.ppc", "product": { "name": "nspr-0:4.7.4-1.el5_2.ppc", "product_id": "nspr-0:4.7.4-1.el5_2.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el5_2?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el5_2.src", "product": { "name": "nss-0:3.12.3.99.3-1.el5_2.src", "product_id": "nss-0:3.12.3.99.3-1.el5_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el5_2?arch=src" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el5_2.src", "product": { "name": "nspr-0:4.7.4-1.el5_2.src", "product_id": "nspr-0:4.7.4-1.el5_2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el5_2?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el5_2.s390x", "product": { "name": "nss-0:3.12.3.99.3-1.el5_2.s390x", "product_id": "nss-0:3.12.3.99.3-1.el5_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el5_2?arch=s390x" } } }, { "category": "product_version", "name": "nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "product": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "product_id": "nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-tools@3.12.3.99.3-1.el5_2?arch=s390x" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "product_id": "nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el5_2?arch=s390x" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el5_2?arch=s390x" } } }, { "category": "product_version", "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "product": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "product_id": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.12.3.99.3-1.el5_2?arch=s390x" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el5_2.s390x", "product": { "name": "nspr-devel-0:4.7.4-1.el5_2.s390x", "product_id": "nspr-devel-0:4.7.4-1.el5_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el5_2?arch=s390x" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "product_id": "nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el5_2?arch=s390x" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el5_2.s390x", "product": { "name": "nspr-0:4.7.4-1.el5_2.s390x", "product_id": "nspr-0:4.7.4-1.el5_2.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el5_2?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el5_2.s390", "product": { "name": "nss-0:3.12.3.99.3-1.el5_2.s390", "product_id": "nss-0:3.12.3.99.3-1.el5_2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el5_2?arch=s390" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el5_2.s390", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.s390", "product_id": "nss-devel-0:3.12.3.99.3-1.el5_2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el5_2?arch=s390" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el5_2?arch=s390" } } }, { "category": "product_version", "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "product": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "product_id": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.12.3.99.3-1.el5_2?arch=s390" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el5_2.s390", "product": { "name": "nspr-devel-0:4.7.4-1.el5_2.s390", "product_id": "nspr-devel-0:4.7.4-1.el5_2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el5_2?arch=s390" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el5_2.s390", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.s390", "product_id": "nspr-debuginfo-0:4.7.4-1.el5_2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el5_2?arch=s390" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el5_2.s390", "product": { "name": "nspr-0:4.7.4-1.el5_2.s390", "product_id": "nspr-0:4.7.4-1.el5_2.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el5_2?arch=s390" } } } ], "category": "architecture", "name": "s390" }, { "branches": [ { "category": "product_version", "name": "nss-0:3.12.3.99.3-1.el5_2.x86_64", "product": { "name": "nss-0:3.12.3.99.3-1.el5_2.x86_64", "product_id": "nss-0:3.12.3.99.3-1.el5_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss@3.12.3.99.3-1.el5_2?arch=x86_64" } } }, { "category": "product_version", "name": "nss-tools-0:3.12.3.99.3-1.el5_2.x86_64", "product": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.x86_64", "product_id": "nss-tools-0:3.12.3.99.3-1.el5_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-tools@3.12.3.99.3-1.el5_2?arch=x86_64" } } }, { "category": "product_version", "name": "nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "product": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "product_id": "nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-devel@3.12.3.99.3-1.el5_2?arch=x86_64" } } }, { "category": "product_version", "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "product": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "product_id": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-debuginfo@3.12.3.99.3-1.el5_2?arch=x86_64" } } }, { "category": "product_version", "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "product": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "product_id": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.12.3.99.3-1.el5_2?arch=x86_64" } } }, { "category": "product_version", "name": "nspr-devel-0:4.7.4-1.el5_2.x86_64", "product": { "name": "nspr-devel-0:4.7.4-1.el5_2.x86_64", "product_id": "nspr-devel-0:4.7.4-1.el5_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-devel@4.7.4-1.el5_2?arch=x86_64" } } }, { "category": "product_version", "name": "nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "product": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "product_id": "nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr-debuginfo@4.7.4-1.el5_2?arch=x86_64" } } }, { "category": "product_version", "name": "nspr-0:4.7.4-1.el5_2.x86_64", "product": { "name": "nspr-0:4.7.4-1.el5_2.x86_64", "product_id": "nspr-0:4.7.4-1.el5_2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/nspr@4.7.4-1.el5_2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el5_2.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386" }, "product_reference": "nspr-0:4.7.4-1.el5_2.i386", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el5_2.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64" }, "product_reference": "nspr-0:4.7.4-1.el5_2.ia64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el5_2.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc" }, "product_reference": "nspr-0:4.7.4-1.el5_2.ppc", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el5_2.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64" }, "product_reference": "nspr-0:4.7.4-1.el5_2.ppc64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el5_2.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390" }, "product_reference": "nspr-0:4.7.4-1.el5_2.s390", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el5_2.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x" }, "product_reference": "nspr-0:4.7.4-1.el5_2.s390x", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el5_2.src as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src" }, "product_reference": "nspr-0:4.7.4-1.el5_2.src", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-0:4.7.4-1.el5_2.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64" }, "product_reference": "nspr-0:4.7.4-1.el5_2.x86_64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el5_2.i386", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el5_2.s390", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-debuginfo-0:4.7.4-1.el5_2.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64" }, "product_reference": "nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el5_2.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386" }, "product_reference": "nspr-devel-0:4.7.4-1.el5_2.i386", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el5_2.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64" }, "product_reference": "nspr-devel-0:4.7.4-1.el5_2.ia64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el5_2.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc" }, "product_reference": "nspr-devel-0:4.7.4-1.el5_2.ppc", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el5_2.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64" }, "product_reference": "nspr-devel-0:4.7.4-1.el5_2.ppc64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el5_2.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390" }, "product_reference": "nspr-devel-0:4.7.4-1.el5_2.s390", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el5_2.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x" }, "product_reference": "nspr-devel-0:4.7.4-1.el5_2.s390x", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nspr-devel-0:4.7.4-1.el5_2.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64" }, "product_reference": "nspr-devel-0:4.7.4-1.el5_2.x86_64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el5_2.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386" }, "product_reference": "nss-0:3.12.3.99.3-1.el5_2.i386", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el5_2.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64" }, "product_reference": "nss-0:3.12.3.99.3-1.el5_2.ia64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el5_2.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc" }, "product_reference": "nss-0:3.12.3.99.3-1.el5_2.ppc", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el5_2.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64" }, "product_reference": "nss-0:3.12.3.99.3-1.el5_2.ppc64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el5_2.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390" }, "product_reference": "nss-0:3.12.3.99.3-1.el5_2.s390", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el5_2.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x" }, "product_reference": "nss-0:3.12.3.99.3-1.el5_2.s390x", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el5_2.src as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src" }, "product_reference": "nss-0:3.12.3.99.3-1.el5_2.src", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-0:3.12.3.99.3-1.el5_2.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64" }, "product_reference": "nss-0:3.12.3.99.3-1.el5_2.x86_64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64" }, "product_reference": "nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el5_2.i386", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el5_2.s390", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-devel-0:3.12.3.99.3-1.el5_2.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64" }, "product_reference": "nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386" }, "product_reference": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64" }, "product_reference": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc" }, "product_reference": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64" }, "product_reference": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390" }, "product_reference": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x" }, "product_reference": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64" }, "product_reference": "nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.i386 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386" }, "product_reference": "nss-tools-0:3.12.3.99.3-1.el5_2.i386", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.ia64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64" }, "product_reference": "nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.ppc as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc" }, "product_reference": "nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.s390x as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x" }, "product_reference": "nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "relates_to_product_reference": "5Server-5.2.Z" }, { "category": "default_component_of", "full_product_name": { "name": "nss-tools-0:3.12.3.99.3-1.el5_2.x86_64 as a component of Red Hat Enterprise Linux EUS (v. 5.2 server)", "product_id": "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" }, "product_reference": "nss-tools-0:3.12.3.99.3-1.el5_2.x86_64", "relates_to_product_reference": "5Server-5.2.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-2404", "discovery_date": "2009-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "512912" } ], "notes": [ { "category": "description", "text": "Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.", "title": "Vulnerability description" }, { "category": "summary", "text": "nss regexp heap overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2404" }, { "category": "external", "summary": "RHBZ#512912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=512912" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2404", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2404" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2404", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2404" } ], "release_date": "2009-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-12T14:31:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1207" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "nss regexp heap overflow" }, { "cve": "CVE-2009-2408", "discovery_date": "2009-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "510251" } ], "notes": [ { "category": "description", "text": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.", "title": "Vulnerability description" }, { "category": "summary", "text": "firefox/nss: doesn\u0027t handle NULL in Common Name properly", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2408" }, { "category": "external", "summary": "RHBZ#510251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2408", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2408", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2408" } ], "release_date": "2009-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-12T14:31:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1207" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "firefox/nss: doesn\u0027t handle NULL in Common Name properly" }, { "cve": "CVE-2009-2409", "discovery_date": "2009-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "510197" } ], "notes": [ { "category": "description", "text": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.", "title": "Vulnerability description" }, { "category": "summary", "text": "deprecate MD2 in SSL cert validation (Kaminsky)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2409" }, { "category": "external", "summary": "RHBZ#510197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2409", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2409", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2409" } ], "release_date": "2009-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-08-12T14:31:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1207" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.src", "5Server-5.2.Z:nspr-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-debuginfo-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.i386", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ia64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.ppc64", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.s390x", "5Server-5.2.Z:nspr-devel-0:4.7.4-1.el5_2.x86_64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.src", "5Server-5.2.Z:nss-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-debuginfo-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.ppc64", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2.x86_64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.i386", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ia64", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.ppc", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.s390x", "5Server-5.2.Z:nss-tools-0:3.12.3.99.3-1.el5_2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "deprecate MD2 in SSL cert validation (Kaminsky)" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.