Mandriva Linux Security Advisory 2009-197-2 – Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate and md2 algorithm flaws, and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate. This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. This update also provides fixed packages for Mandriva Linux 2008.1 and fixes mozilla-thunderbird error messages.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/81228/MDVSA-2009-197-2.txt
Source: https://packetstormsecurity.com/files/81228/Mandriva-Linux-Security-Advisory-2009-197.html