[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090902011613.GZ10947@outflux.net>
Date: Tue, 1 Sep 2009 18:16:13 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-810-2] NSS regression
===========================================================
Ubuntu Security Notice USN-810-2 September 02, 2009
nss regression
https://launchpad.net/bugs/409864
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libnss3-1d 3.12.3.1-0ubuntu0.8.04.2
Ubuntu 8.10:
libnss3-1d 3.12.3.1-0ubuntu0.8.10.2
Ubuntu 9.04:
libnss3-1d 3.12.3.1-0ubuntu0.9.04.2
After a standard system upgrade you need to restart any applications that
use NSS, such as Firefox, to effect the necessary changes.
Details follow:
USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that
the new libraries on amd64 did not correctly set stack memory flags,
and caused applications using NSS (e.g. Firefox) to have an executable
stack. This reduced the effectiveness of some defensive security
protections. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Moxie Marlinspike discovered that NSS did not properly handle regular
expressions in certificate names. A remote attacker could create a
specially crafted certificate to cause a denial of service (via application
crash) or execute arbitrary code as the user invoking the program.
(CVE-2009-2404)
Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
not properly handle certificates with NULL characters in the certificate
name. An attacker could exploit this to perform a man in the middle attack
to view sensitive information or alter encrypted communications.
(CVE-2009-2408)
Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
signatures. As a result, an attacker could potentially create a malicious
trusted certificate to impersonate another site. (CVE-2009-2409)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.2.diff.gz
Size/MD5: 37655 e64b043a01d0e7daf6bb65204f26d8b0
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.2.dsc
Size/MD5: 1008 8a24bd65b71653c370ee2465fb0e5a72
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
Size/MD5: 18338 5120cc7f89e608b0b6ff8555cbe30053
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
Size/MD5: 3166314 23ff5a3e893029f31a09f4ab76eb4859
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
Size/MD5: 1147172 bc387e5fb7f699ba9b5d60f1fde92264
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
Size/MD5: 257894 dc77d3e6ab408d4637387e4bea4af785
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
Size/MD5: 312636 e888713d46b0c771ab736b28c77dc131
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_i386.deb
Size/MD5: 18306 9d586744b66ee55defa95ffa440768ce
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_i386.deb
Size/MD5: 3012638 2461ab65482203195c2dcfc66af2f4ee
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_i386.deb
Size/MD5: 1040140 47882c0d3d2f5b21c9fe82babb8f440e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_i386.deb
Size/MD5: 254986 203a63ee2717335eceb721facaf1508d
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_i386.deb
Size/MD5: 295214 66e9264a666a83fca9847414d48ac760
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
Size/MD5: 18298 feef4b1491cd185b5f3288294823f5f3
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
Size/MD5: 3042042 377b3815135cfd7282063efb9e51230e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
Size/MD5: 1016320 44680d617fd1ab1cb2da49f6d9e97aa1
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
Size/MD5: 253690 aabbf2d4e97c7b2484bd204d164e24d0
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
Size/MD5: 292588 4c967b30f7a3fb57d8854df8a79bd379
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
Size/MD5: 20786 9ce81e2cea44fef0f6faf2fdd5171623
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
Size/MD5: 3125854 697fffc58a744fe15f7fd9f168ca9733
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
Size/MD5: 1143970 8f92496cb9f162cc157ebe989e2b3fb0
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
Size/MD5: 256716 08d9924b808f9ceb5054fa96b83ed1ab
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
Size/MD5: 325026 7c4cee2fb1e099aa8b04b20fbad7566a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
Size/MD5: 18408 8db62c70395cff75f2bb89de95e73881
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
Size/MD5: 2834732 1f0c58ae1fae93bff8544a174ff536bb
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
Size/MD5: 1020050 d162fccf68e82cf9ebced93bb46f2809
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
Size/MD5: 251696 9cc85bbdf62ea769b2cd60e1052aabd4
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
Size/MD5: 299608 557d429224fdcc935e71fc64b3ac47ff
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.2.diff.gz
Size/MD5: 33119 fe83a32ef210370566ccb411aa48fe54
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.2.dsc
Size/MD5: 1412 451fa76bfb507e1269fee26218141551
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
Size/MD5: 3310704 efec40c9fdc2b0ce66fda361c1aba543
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
Size/MD5: 1195180 63cee7f4eda8ffb4c0c3523ac9c6ad91
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
Size/MD5: 257682 05088498123a0736834f5c3c22c5cf46
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
Size/MD5: 18406 ba1d9dae921d0b52ce87adf573eded44
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
Size/MD5: 317148 db5eeeea33c98f32dd12b5e76b745355
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_i386.deb
Size/MD5: 3137376 b6f8c176fb6d3805f329550e939a7c58
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_i386.deb
Size/MD5: 1077028 6ce44322395faa4a3fcbdde41ee5e68e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_i386.deb
Size/MD5: 254812 771285009e0fdbb6ad1272d631906204
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_i386.deb
Size/MD5: 18370 37815dfc4cfe17039df586a98428c93d
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_i386.deb
Size/MD5: 300312 898cf2f8d5eefe3b3beca32df52b94bf
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
Size/MD5: 3173916 13a0a5a89a4bf8299357ebd828112ddf
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
Size/MD5: 1050862 a5ed8d7e53cc98fe1ebe24e33994cd53
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
Size/MD5: 253322 db070f03d5f4e0fa7ca62b4076feb1a5
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
Size/MD5: 18346 f3cb5c7f8c0cccaeced8d8bbc63ac9b3
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
Size/MD5: 296258 ee56f8195c14ebe9a3b30e26c9a31dd8
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
Size/MD5: 3284490 3e9567373c1d8a407184c3454cdbdee2
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
Size/MD5: 1165908 aea197dd9fbb3c5cd9e76bd8a7411214
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
Size/MD5: 256530 7a3e87d818c828f4d4b98aff841f77cf
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
Size/MD5: 20780 32b3073b20ab252ccf7892d92b2dd76f
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
Size/MD5: 320830 cd055119a68308f42a29fe551217819b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
Size/MD5: 2942786 dc36959a5a02fdc2068e10bbf811a2b3
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
Size/MD5: 1038452 147a34131c51deb6bb74264eadb1c3ba
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
Size/MD5: 251344 ff7eff0cd42a95f044ed3cc539d61532
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
Size/MD5: 18506 5fc6b96c8d8555457e39b6b0cdd52713
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
Size/MD5: 301552 95ef3e3b2679ceea72e97cfe0ea12762
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.2.diff.gz
Size/MD5: 36540 f42b1d62ed98ee110c10954b55902c63
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.2.dsc
Size/MD5: 1412 b85ff4f8dbe0432df858f415bf48bff0
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
Size/MD5: 3309826 9dcbef4357653044d8b25731a1d130b9
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
Size/MD5: 1196818 929ca127030a1c1d42f662f5692da089
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
Size/MD5: 258356 4fadbc6290fc184158a9a724cf82940f
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
Size/MD5: 17536 4369982ce7f6ce3e9e899d6506114911
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
Size/MD5: 317782 661b518dd87a1b7057c3b36a6a0cb746
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_i386.deb
Size/MD5: 3137640 bed2f6981fa4c243873b999fc5c7502c
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_i386.deb
Size/MD5: 1078426 512252fb2ac440c37aa899392776d581
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_i386.deb
Size/MD5: 255444 2cd57c0a08300355ee3e1afd8e161923
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_i386.deb
Size/MD5: 17534 4dd67a9b274b61230afbfe5b40437184
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_i386.deb
Size/MD5: 300900 c20821c5fa989f906188e73e557876b3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
Size/MD5: 3171624 9698ffc8645b5ecdb03746d567bf575f
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
Size/MD5: 1052256 7c3f11b222fc420ea53b02ce30aa13e0
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
Size/MD5: 253972 c734ddc4fa68d6bdbae8bfab4a0b44af
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
Size/MD5: 17530 78eb3d97799199999c96f44c33a91487
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
Size/MD5: 296900 483e370ded82ed6a038fb719726d5524
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
Size/MD5: 3282350 7c9b8a3b8754b3ced78e56e4561e0ef5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
Size/MD5: 1167974 0d5b73714c4bc7803889a383d2979fdb
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
Size/MD5: 257192 8369a4b0fa1846dea82673ad50ff77a6
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
Size/MD5: 17544 ea286e5376301bb7d6066153b23834fa
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
Size/MD5: 321510 4af0bf6942079e5d3fa4119f43a85ab7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
Size/MD5: 2942220 4d7c1d6e6b96d5b40f974a635c6a7f2d
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
Size/MD5: 1039542 5cb75a79da1dd8fbebecd78534ed3736
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
Size/MD5: 251998 00b0e28d20dd45068e1403d7e3191fab
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
Size/MD5: 17532 402a209aaebb2ab84200d5bcf1145c0d
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
Size/MD5: 301942 f5655e1c3da7303bde30982520882422
Download attachment "signature.asc" of type "application/pgp-signature" (236 bytes)
Powered by blists - more mailing lists