Message-ID: <20090804220059.GB18082@severus.strandboge.com>
Date: Tue, 4 Aug 2009 17:00:59 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-810-2] NSPR update

===========================================================
Ubuntu Security Notice USN-810-2            August 04, 2009
nspr update
https://launchpad.net/bugs/387745
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnspr4-0d                     4.7.5-0ubuntu0.8.04.1

Ubuntu 8.10:
  libnspr4-0d                     4.7.5-0ubuntu0.8.10.1

Ubuntu 9.04:
  libnspr4-0d                     4.7.5-0ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that
use NSPR, such as Firefox, to effect the necessary changes.

Details follow:

USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS.

Original advisory details:

 Moxie Marlinspike discovered that NSS did not properly handle regular
 expressions in certificate names. A remote attacker could create a
 specially crafted certificate to cause a denial of service (via application
 crash) or execute arbitrary code as the user invoking the program.
 (CVE-2009-2404)
 
 Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
 not properly handle certificates with NULL characters in the certificate
 name. An attacker could exploit this to perform a man in the middle attack
 to view sensitive information or alter encrypted communications.
 (CVE-2009-2408)
 
 Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
 signatures. As a result, an attacker could potentially create a malicious
 trusted certificate to impersonate another site. (CVE-2009-2409)


Updated packages for Ubuntu 8.04 LTS:

Updated packages for Ubuntu 8.10:

Updated packages for Ubuntu 9.04:




Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
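
An added illustration of the certificate-name issue described under CVE-2009-2408 above; it is not code from NSS, NSPR or the advisory. The cert_name type, both function names and the sample names are hypothetical and constructed here, and the sketch assumes the mishandling is C-string truncation at an embedded NUL byte.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A name as decoded from a certificate: bytes plus an explicit length.
 * Nothing guarantees it is a clean C string. (Hypothetical type.) */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Unsafe pattern: treats the name as NUL-terminated, so the comparison
 * stops at the first embedded NUL and ignores everything after it. */
bool name_matches_cstring(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Length-aware check: reject any name containing a NUL byte, then
 * compare using the encoded length instead of a terminator. */
bool name_matches_checked(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return false;                 /* embedded NUL: malformed name */
    if (cn->len != host_len)
        return false;
    return strncasecmp((const char *)cn->data, host, host_len) == 0;
}

/* Constructed sample names using reserved example domains. */
static const unsigned char NAME_WITH_NUL[] = "www.example.com\0.example.net";
static const unsigned char NAME_PLAIN[]    = "www.example.com";

const struct cert_name SAMPLE_NUL   = { NAME_WITH_NUL, sizeof NAME_WITH_NUL - 1 };
const struct cert_name SAMPLE_PLAIN = { NAME_PLAIN,    sizeof NAME_PLAIN - 1 };

int main(void)
{
    printf("cstring compare accepts NUL name: %d\n",
           name_matches_cstring(&SAMPLE_NUL, "www.example.com"));
    printf("checked compare accepts NUL name: %d\n",
           name_matches_checked(&SAMPLE_NUL, "www.example.com"));
    return 0;
}
```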
