Synopsis:	Low: nss security update
Issue date:	2010-11-10
CVE Names:	CVE-2010-3170

A flaw was found in the way NSS matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. NSS incorrectly accepted connections to IP addresses that fell
within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.
(CVE-2010-3170)

After installing the update, applications using NSS must be restarted 
for the changes to take effect.

SL 6.x

      SRPMS:
nss-3.12.8-1.el6_0.src.rpm
nss-softokn-3.12.8-1.el6_0.src.rpm
nss-util-3.12.8-1.el6_0.src.rpm
      i386:
nss-3.12.8-1.el6_0.0.sl6.i686.rpm
nss-devel-3.12.8-1.el6_0.0.sl6.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.0.sl6.i686.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-sysinit-3.12.8-1.el6_0.0.sl6.i686.rpm
nss-tools-3.12.8-1.el6_0.0.sl6.i686.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm
      x86_64:
nss-3.12.8-1.el6_0.0.sl6.i686.rpm
nss-3.12.8-1.el6_0.0.sl6.x86_64.rpm
nss-devel-3.12.8-1.el6_0.0.sl6.i686.rpm
nss-devel-3.12.8-1.el6_0.0.sl6.x86_64.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.0.sl6.i686.rpm
nss-pkcs11-devel-3.12.8-1.el6_0.0.sl6.x86_64.rpm
nss-softokn-3.12.8-1.el6_0.i686.rpm
nss-softokn-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-devel-3.12.8-1.el6_0.i686.rpm
nss-softokn-devel-3.12.8-1.el6_0.x86_64.rpm
nss-softokn-freebl-3.12.8-1.el6_0.i686.rpm
nss-softokn-freebl-3.12.8-1.el6_0.x86_64.rpm
nss-sysinit-3.12.8-1.el6_0.0.sl6.x86_64.rpm
nss-tools-3.12.8-1.el6_0.0.sl6.x86_64.rpm
nss-util-3.12.8-1.el6_0.i686.rpm
nss-util-3.12.8-1.el6_0.x86_64.rpm
nss-util-devel-3.12.8-1.el6_0.i686.rpm
nss-util-devel-3.12.8-1.el6_0.x86_64.rpm

-Connie Sieh
-Troy Dawson