Mandriva Linux Security Advisory 2009-197 – Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate and md2 algorithm flaws, and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate. This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Packages for 2008.0 are being provided due to extended support for Corporate products.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83397/MDVSA-2009-197-3.txt
Source: https://packetstormsecurity.com/files/83397/Mandriva-Linux-Security-Advisory-2009-197.html