lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100411153515.GA5307@severus.strandboge.com>
Date: Sun, 11 Apr 2010 10:35:15 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-927-2] NSS regression

===========================================================
Ubuntu Security Notice USN-927-2             April 11, 2010
nss regression
https://launchpad.net/bugs/559881
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libnss3-1d                      3.12.6-0ubuntu0.9.10.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-927-1 fixed vulnerabilities in NSS. Upstream NSS 3.12.6 added an
additional checksum verification on libnssdbm3.so, but the Ubuntu packaging
did not create this checksum. As a result, Firefox could not initialize the
security component when the NSS Internal FIPS PKCS #11 Module was enabled.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
 protocols. If an attacker could perform a man in the middle attack at the
 start of a TLS connection, the attacker could inject arbitrary content at
 the beginning of the user's session. This update adds support for the new
 new renegotiation extension and will use it when the server supports it.


Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.2.diff.gz
      Size/MD5:    36659 1c82d002115ed4a76dc98d33ef5c839c
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.2.dsc
      Size/MD5:     1651 41544d2843858123ad5852de1587744c
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
      Size/MD5:  5947630 da42596665f226de5eb3ecfc1ec57cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_amd64.deb
      Size/MD5:  3235700 8227d9d710a9784750fc541f82d85101
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_amd64.deb
      Size/MD5:  1234558 f8db18eb4fec7df4387e5e546ea99871
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_amd64.deb
      Size/MD5:   263208 692167e64c00a9990af72a28299b4fbb
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_amd64.deb
      Size/MD5:    17854 f9fa214108ab20d8fe4d61567a86d7c0
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_amd64.deb
      Size/MD5:   313212 4ae57dcb06572bcdc1e311977a965c55

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_i386.deb
      Size/MD5:  3178422 4a141b3f01631497184c0bb260a212f3
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_i386.deb
      Size/MD5:  1119994 8e4bfbd067aa051603306ce57949ce51
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_i386.deb
      Size/MD5:   260530 c61feb6f65d7419f93f355a5f0755917
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_i386.deb
      Size/MD5:    17856 05ac21be0089e816c076f8707d41d21b
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_i386.deb
      Size/MD5:   299834 26d317dc29710b27dd0d0b7a36b6c2a1

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_lpia.deb
      Size/MD5:  3216556 9230b137f92129c304dddfc5c67853fe
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_lpia.deb
      Size/MD5:  1095892 9566ecb3416bd99ba0e6288505626fe9
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_lpia.deb
      Size/MD5:   259484 0236cb25267ac3ca1b3bfd586d14d26d
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_lpia.deb
      Size/MD5:    17858 ecb362aec61c87f1cfc4e86cd2dec5cb
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_lpia.deb
      Size/MD5:   298510 2977f41a1b2fcf7ca25b331336f7dc8f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_powerpc.deb
      Size/MD5:  3325490 ac9caf32bab4d4b911d1c54112583b65
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_powerpc.deb
      Size/MD5:  1207122 99b17d40842c1804ee23d19e4a7ffaa0
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_powerpc.deb
      Size/MD5:   261820 f46b59e90bf4ff07ca79b5d404f372ed
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_powerpc.deb
      Size/MD5:    17858 dca2efb9e1426ff39c55008eaf942926
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_powerpc.deb
      Size/MD5:   311022 da3a483c19347cd667c11d8a989d15aa

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_sparc.deb
      Size/MD5:  2967780 e3456024e64ee1d14b5b754a93840ac7
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_sparc.deb
      Size/MD5:  1074620 202e630d20824b2d4e2614d11d86c2c4
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_sparc.deb
      Size/MD5:   257422 fa69b29c59fe334d65d433ab11febbed
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_sparc.deb
      Size/MD5:    17856 287ae523a22a8049d3d1c802d5760b83
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_sparc.deb
      Size/MD5:   299970 ed1b8755bc1e9da16a08c82ebfecf0fd




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ