lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100409224430.GA4704@severus.strandboge.com>
Date: Fri, 9 Apr 2010 17:44:30 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-927-1] NSS vulnerability

===========================================================
Ubuntu Security Notice USN-927-1             April 09, 2010
nss vulnerability
CVE-2009-3555
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libnss3-1d                      3.12.6-0ubuntu0.9.10.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds support for the new
new renegotiation extension and will use it when the server supports it.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.1.diff.gz
      Size/MD5:    36589 0b0b4b8d1dd122093fa815d69efbc89e
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.1.dsc
      Size/MD5:     1651 a0117f537999a8c5a29dac921fe3db19
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
      Size/MD5:  5947630 da42596665f226de5eb3ecfc1ec57cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:  3235746 038ea8c22fc1adcec7c6eb94a2666e7f
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:  1234192 6ce9b85ed07528c77d924d8949c85774
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:   263144 cb7c75294d9ce22ed463935759f8546a
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:    17752 041cb0b8d9ef5e7dbb4a7b6b21c68fed
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_amd64.deb
      Size/MD5:   313120 9305a9fbe4473a5fbcb129052d3a9d5e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_i386.deb
      Size/MD5:  3178260 f86edf83bfa1a693add3f9f9a5fce87d
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_i386.deb
      Size/MD5:  1119650 7ea6f3113550c23ff2d786e8bb6826a9
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_i386.deb
      Size/MD5:   260452 2be494403893cce2523e56003450381f
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_i386.deb
      Size/MD5:    17758 84b68d14e2edafa15c4d85251a234509
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_i386.deb
      Size/MD5:   299734 78c46aca04aae9369ba47dbbbd7b4ebb

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:  3216586 542551cab0ad5b7d02469995f0138483
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:  1095640 673d9d626476508b78b1c01ec14da360
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:   259386 22bac19ca5b1faee3374cfa4d71ee0f6
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:    17754 cf0945e1ee85107157e820fa4f1ee5c6
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_lpia.deb
      Size/MD5:   298426 25cb3017432736f8fe127efc2cef8235

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:  3325392 71aa8238fa81e9eda6405450e9a15389
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:  1206786 5b3f8a2c91c7c8a58055f2bdf3b47ee3
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:   261718 e0f60fafda404bbcd749a1279bdd2601
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:    17758 ce3c85e4e6e53fff45bcbec8fac99ede
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_powerpc.deb
      Size/MD5:   310922 acc562396e43692d342d0c44fe7e9131

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:  2967738 84df47285cec6cdb16b0065d5355ca85
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:  1074378 c73f91baf37dad435bb51de4b2e64e3e
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:   257336 ea7048dc03a2264acc750bb5c7bf6f7b
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:    17758 5a7b808fbff5511d43d626dcf9e0df58
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_sparc.deb
      Size/MD5:   299884 53a75a26c11e85067582ab05123d07fe




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ