[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090804212307.GA18082@severus.strandboge.com>
Date: Tue, 4 Aug 2009 16:23:07 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-810-1] NSS vulnerabilities
===========================================================
Ubuntu Security Notice USN-810-1 August 04, 2009
nss vulnerabilities
CVE-2009-2404, CVE-2009-2408, CVE-2009-2409
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libnss3-1d 3.12.3.1-0ubuntu0.8.04.1
Ubuntu 8.10:
libnss3-1d 3.12.3.1-0ubuntu0.8.10.1
Ubuntu 9.04:
libnss3-1d 3.12.3.1-0ubuntu0.9.04.1
After a standard system upgrade you need to restart an applications that
use NSS, such as Firefox, to effect the necessary changes.
Details follow:
Moxie Marlinspike discovered that NSS did not properly handle regular
expressions in certificate names. A remote attacker could create a
specially crafted certificate to cause a denial of service (via application
crash) or execute arbitrary code as the user invoking the program.
(CVE-2009-2404)
Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
not properly handle certificates with NULL characters in the certificate
name. An attacker could exploit this to perform a man in the middle attack
to view sensitive information or alter encrypted communications.
(CVE-2009-2408)
Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
signatures. As a result, an attacker could potentially create a malicious
trusted certificate to impersonate another site. (CVE-2009-2409)
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz
Size/MD5: 37286 f4041d128d758f5506197b1cf0f1214f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc
Size/MD5: 2012 401475ce9f7efa228d7b61671aa69c11
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 18232 49a5581a19be7771ecdc65fb943e86d7
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 3166090 074734f6e0fd51257999bdc0e38010f3
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 1147016 ddc8dfd4f0cc77c129c5bb4b18b6612c
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 257780 f6d735c7c95478fe2992178e0d7781d4
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 312528 05d78cad52b8c5464350c9b191528e0e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb
Size/MD5: 18200 2c088a165372b431416a5b6d9f54b80b
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb
Size/MD5: 3012554 50978f6f10b9f4c3918822d864d41aed
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb
Size/MD5: 1040016 f0a52f96bd4f7bb7d8001b7ca5ace8d0
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb
Size/MD5: 254880 c2151ff8a86f4119fcefa1f6c9ee7add
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb
Size/MD5: 295096 f6fde2292ca35df9e6cac822d158e512
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 18190 cbc624cedbae82a39d3c47aaa8ffee38
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 3041822 533fda14ea785417cababc58419a8fec
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 1016224 1ed477ec2ffe3ac642cb7c29413842ab
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 253574 b9756509dcdeea8433a0f6bbe2dc27b7
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 292466 55f2cf8c33f19f17cae613aca3ce71c1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 20678 a26907dda711e1d13e8d597bee4689e0
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 3125800 102117180150342cecff38e653963f66
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 1143852 f96cab41f4bf24cf4fa4686b3a963464
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 256600 e19a891112bea8df4f27fe569da9c951
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 324934 9aaac74bc3f6ec7f990f78d556c5ec09
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 18292 7e17d87ea08f93759ed7784705d82453
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 2834720 02b6284e651dcf2e6556378dcb730689
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 1019944 ee1829f9195609b3912994fc76788243
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 251578 09583a51b0814b53959af6d79a1b4f8c
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 299484 0d12ed86aae10c56300bd7cefb2884ef
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz
Size/MD5: 32769 d4e1fb5ca38687ad1e7532c457febc11
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc
Size/MD5: 2012 f98ccd513ae480ac7b56d7a4793758d3
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
Size/MD5: 3310610 9f8e4b95d1019e3956a88745ce3888c4
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
Size/MD5: 1195070 21daa67a1f51cc4a942e41beb2da001f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
Size/MD5: 257586 89d972c2b67679eca265abac76d0687d
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
Size/MD5: 18296 8c1d95902c4f0e85c47a3ca941f0b48a
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
Size/MD5: 317026 11f10cc940951638cf5cac0e6e2f7ded
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb
Size/MD5: 3137262 2ae6e2fa5e934a5fa27e14cedcdc74b6
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb
Size/MD5: 1076898 59318f3e92b12686695704ef33074dc0
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb
Size/MD5: 254686 b0dc3ec378ea87afff4a6d46fafca34f
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb
Size/MD5: 18248 7a86d451f0cc722f66ca51f9894c81e2
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb
Size/MD5: 300214 88f4442427f4ad5b1e507f24a872d7d5
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
Size/MD5: 3173686 65714f22fc4908727cd58fa917cff249
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
Size/MD5: 1050748 c55a36fa65b311364ddfc5f9bcacc3e9
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
Size/MD5: 253226 0b49775e55163a5c6fa22fba288eded7
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
Size/MD5: 18220 8fd881d7744299014a919437d9edaf87
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
Size/MD5: 296154 fce2927b08d43ba6d2188bf927dfb4d6
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
Size/MD5: 3284430 e411ebc5e3848a9a28fdb7bcf55af833
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
Size/MD5: 1165792 f6a9ba644f3fb0cd888bf4b425522633
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
Size/MD5: 256434 19a95ab61e462058ecaf05cbebd11c8a
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
Size/MD5: 20666 abe014ba1940180af1051006e4d293fd
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
Size/MD5: 320710 0f3c730279a7e731e72986d15fa2fcc2
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
Size/MD5: 2942578 3d396922de5283db749fd41036403ead
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
Size/MD5: 1038356 9d291947a8ef7d02c8c1a9746c1309d4
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
Size/MD5: 251226 c09de8036a434e93488b5c1b77108246
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
Size/MD5: 18380 0d18623f50973af22fd4e44e0d042bf4
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
Size/MD5: 301438 430f4a9aef7a540fac80629656572ea9
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz
Size/MD5: 35980 b64ec10add3d7fbbc7335b0f85b9fb00
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc
Size/MD5: 2012 a889688996d5530e8bf1eb181683137e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 3309788 d48afcfa4139fe94b4c0af67c8d9c850
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 1196740 7ace44202680241529edaeb226d0dec1
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 258240 54d581c61ba7608526790263545e1b1c
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 17404 bfbb39c275bb15dcef644991c6af7e7b
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 317668 9d55ed9607359667cf963e04ccb834d5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb
Size/MD5: 3137602 af5d5d420c440bf53de79f8952ee17d0
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb
Size/MD5: 1078336 706162a5436e733e4ce57d51baf163fb
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb
Size/MD5: 255338 140b54235689f93baa3971add5401a42
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb
Size/MD5: 17412 fb6ca266988f45378c41455fa5207a85
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb
Size/MD5: 300808 7b06b74c327641634d4f8f1f61b7d432
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 3171676 ad44dc80ef0066d3da2edede234b0210
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 1052136 727ab68dd03bec2ae01b4611c5f98309
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 253840 15198ca066b229b42ced8cb5f4307a53
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 17408 fdf85ab9c62a3d3999d4f49bf0172243
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 296796 ecc392b5e6b2b2b5b5ef6d9f93f3ad30
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 3282216 5399927c4f40c9369fcb58d3038cc3ec
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 1167866 477cd3a3cb2ec7c5cf791208e096de93
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 257080 85844f856588609fba74ec37044f9c35
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 17410 98059af1adbd24026a4dab4faa27ddd1
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 321372 b7afef4b3c7dc27dceb12668458629d8
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 2942004 2e8c7c62ef1119b9326564fe50389b8d
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 1039416 ad6d7c7f3a2301c7e46a1102098fdbaf
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 251874 4a70da68d8ae2e444b7aaf6836d50eba
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 17410 9921067423eeb95bea428bf9f471559c
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 301814 302527f9bbcb164d12b13d25719a9ab9
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists