lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NaenF-0005Mk-7e@titan.mandriva.com>
Date: Fri, 29 Jan 2010 01:33:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:029 ] rootcerts


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:029
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : rootcerts
 Date    : January 28, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 The rootcerts package was added in Mandriva in 2005 and was meant
 to be updated when nessesary. The provided rootcerts packages has
 been upgraded using the latest certdata.txt file from the mozilla
 cvs repository, as of 2009/12/03.
 
 In Mandriva a number of additional CA root certificates has been
 added such as ICP-Brasil (Brazil government CA), cacert.org, IGC/A CA
 (French government CA). The IGC/A CA one was recently added upstream
 in the mozilla certdata.txt file.
 
 The rootcerts package provides the /etc/pki/tls/certs/ca-bundle.crt
 file which most sofwares in Mandriva, and where appliable is sharing
 such as KDE, curl, pidgin, neon, and more.
 
 The mozilla nss library has consequently been rebuilt to pickup these
 changes and are also being provided.
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 77617570d2eda1766aff5a82c2883c26  2008.0/i586/libnss3-3.12.3.1-0.2mdv2008.0.i586.rpm
 da74fbee3342af41d342a32b937bfe7d  2008.0/i586/libnss-devel-3.12.3.1-0.2mdv2008.0.i586.rpm
 32202c0651f69165d2325dc9c39bc06a  2008.0/i586/libnss-static-devel-3.12.3.1-0.2mdv2008.0.i586.rpm
 1b0ae620c3d563e1f03951758f614027  2008.0/i586/nss-3.12.3.1-0.2mdv2008.0.i586.rpm
 20e77b8fb29288c13ecb25ca0f6fe2cd  2008.0/i586/rootcerts-20091203.03-1mdv2008.0.i586.rpm 
 65ce3a242de3a14e829c88085358a641  2008.0/SRPMS/nss-3.12.3.1-0.2mdv2008.0.src.rpm
 c1d7251621ef13c9f78b162bda08d37e  2008.0/SRPMS/rootcerts-20091203.03-1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 353af4273a74e7b21904dce1dea2a1a4  2008.0/x86_64/lib64nss3-3.12.3.1-0.2mdv2008.0.x86_64.rpm
 43ecc0055421158a207ce131f5488b5d  2008.0/x86_64/lib64nss-devel-3.12.3.1-0.2mdv2008.0.x86_64.rpm
 737b56ed846f23a7a20e2822e8ba2a21  2008.0/x86_64/lib64nss-static-devel-3.12.3.1-0.2mdv2008.0.x86_64.rpm
 80dfbc0d2167c0c16df79a05dc1a1384  2008.0/x86_64/nss-3.12.3.1-0.2mdv2008.0.x86_64.rpm
 cd0b1a383371ac7dcbf0260374fc1901  2008.0/x86_64/rootcerts-20091203.03-1mdv2008.0.x86_64.rpm 
 65ce3a242de3a14e829c88085358a641  2008.0/SRPMS/nss-3.12.3.1-0.2mdv2008.0.src.rpm
 c1d7251621ef13c9f78b162bda08d37e  2008.0/SRPMS/rootcerts-20091203.03-1mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 1e94aa0599120f7e4d604b7be48e5911  2009.0/i586/libnss3-3.12.3.1-0.2mdv2009.0.i586.rpm
 58ea28567135ba81d6d82e43036d4274  2009.0/i586/libnss-devel-3.12.3.1-0.2mdv2009.0.i586.rpm
 ecc24d0120505b155446b28364867534  2009.0/i586/libnss-static-devel-3.12.3.1-0.2mdv2009.0.i586.rpm
 5ef9f82722cca755561754e47879e09a  2009.0/i586/nss-3.12.3.1-0.2mdv2009.0.i586.rpm
 b75c1c97a18a146f03d2c04524598e83  2009.0/i586/rootcerts-20091203.03-1mdv2009.0.i586.rpm
 0e332d2755961a60c1702a60387d35d3  2009.0/i586/rootcerts-java-20091203.03-1mdv2009.0.i586.rpm 
 fc075f989958667195179a5882167dd9  2009.0/SRPMS/nss-3.12.3.1-0.2mdv2009.0.src.rpm
 8f9b1e0f69d86d972b5f16b92b2b1bc0  2009.0/SRPMS/rootcerts-20091203.03-1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 6ddc54ee62d4d03e0a51083e329b8703  2009.0/x86_64/lib64nss3-3.12.3.1-0.2mdv2009.0.x86_64.rpm
 a3b62285d73e6b9e23512f5a0b346358  2009.0/x86_64/lib64nss-devel-3.12.3.1-0.2mdv2009.0.x86_64.rpm
 65c73a0e41b4f03d4f9d34512a21ba07  2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.2mdv2009.0.x86_64.rpm
 71996a2074b4959b0eff64c1f14981d9  2009.0/x86_64/nss-3.12.3.1-0.2mdv2009.0.x86_64.rpm
 ceda5ad8bc181b9e672c921a34df52e3  2009.0/x86_64/rootcerts-20091203.03-1mdv2009.0.x86_64.rpm
 7faaa66a758545307151cc51c6cab30a  2009.0/x86_64/rootcerts-java-20091203.03-1mdv2009.0.x86_64.rpm 
 fc075f989958667195179a5882167dd9  2009.0/SRPMS/nss-3.12.3.1-0.2mdv2009.0.src.rpm
 8f9b1e0f69d86d972b5f16b92b2b1bc0  2009.0/SRPMS/rootcerts-20091203.03-1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 8c0a0d1549169c6e14c159d33aeda839  2009.1/i586/libnss3-3.12.3.1-0.2mdv2009.1.i586.rpm
 4db5f222d5423aeecbcfe25b828678ee  2009.1/i586/libnss-devel-3.12.3.1-0.2mdv2009.1.i586.rpm
 de57888da6ba4d1445477d52d2d86545  2009.1/i586/libnss-static-devel-3.12.3.1-0.2mdv2009.1.i586.rpm
 ccc01b2d0e564c9bfe57bcd487582c5e  2009.1/i586/nss-3.12.3.1-0.2mdv2009.1.i586.rpm
 44815c4ed44c6a4b85a6474430bcf299  2009.1/i586/rootcerts-20091203.03-1mdv2009.1.i586.rpm
 eff41ebdbc2ed78ab3e1d8ecdb28dde7  2009.1/i586/rootcerts-java-20091203.03-1mdv2009.1.i586.rpm 
 d63d1854b352d16fa500ceb195d8fd83  2009.1/SRPMS/nss-3.12.3.1-0.2mdv2009.1.src.rpm
 7e86ddc3851ebb032eec281b98dac240  2009.1/SRPMS/rootcerts-20091203.03-1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 121cee368a55953da58c58ff8d1fbfcd  2009.1/x86_64/lib64nss3-3.12.3.1-0.2mdv2009.1.x86_64.rpm
 ab66fd19434fcf0a4098240471323582  2009.1/x86_64/lib64nss-devel-3.12.3.1-0.2mdv2009.1.x86_64.rpm
 43a9bb09aa3d3eff3e0a8ea9e7ff5045  2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.2mdv2009.1.x86_64.rpm
 5d16a70f0d85576969b5118610e9b7fe  2009.1/x86_64/nss-3.12.3.1-0.2mdv2009.1.x86_64.rpm
 e0c54141b4f9e92e7aee7ee9211d6451  2009.1/x86_64/rootcerts-20091203.03-1mdv2009.1.x86_64.rpm
 7a133803654ee04dc00271d56332ecd9  2009.1/x86_64/rootcerts-java-20091203.03-1mdv2009.1.x86_64.rpm 
 d63d1854b352d16fa500ceb195d8fd83  2009.1/SRPMS/nss-3.12.3.1-0.2mdv2009.1.src.rpm
 7e86ddc3851ebb032eec281b98dac240  2009.1/SRPMS/rootcerts-20091203.03-1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 ae0225feacd3742d55b5ae163e72766b  2010.0/i586/libnss3-3.12.4-2.1mdv2010.0.i586.rpm
 cc4c92ff4a4931b445ba5ccb82b6c768  2010.0/i586/libnss-devel-3.12.4-2.1mdv2010.0.i586.rpm
 77c17d231648d3680bf372ab263409a7  2010.0/i586/libnss-static-devel-3.12.4-2.1mdv2010.0.i586.rpm
 1a28a4367df88ff3be0446a21e465aca  2010.0/i586/nss-3.12.4-2.1mdv2010.0.i586.rpm
 7e8ccc9625637f1a7cb2ee61616bccd1  2010.0/i586/rootcerts-20091203.03-1mdv2010.0.i586.rpm
 19e8c622cd01142bed4b0a57ffe4bb5f  2010.0/i586/rootcerts-java-20091203.03-1mdv2010.0.i586.rpm 
 ae48e0a5ab9388e24ae69364f7632bca  2010.0/SRPMS/nss-3.12.4-2.1mdv2010.0.src.rpm
 697faf2305877bcdff145927f2dabfb6  2010.0/SRPMS/rootcerts-20091203.03-1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 50d4d8b5b6ed86fd158146f513b6bfd9  2010.0/x86_64/lib64nss3-3.12.4-2.1mdv2010.0.x86_64.rpm
 43ba5e7c5da89cf852212c9fdb8d6b15  2010.0/x86_64/lib64nss-devel-3.12.4-2.1mdv2010.0.x86_64.rpm
 cc23fee6478f5ecf4e6b7039c0ba71b5  2010.0/x86_64/lib64nss-static-devel-3.12.4-2.1mdv2010.0.x86_64.rpm
 4de292e3f0120aa4ad2501cc596e552a  2010.0/x86_64/nss-3.12.4-2.1mdv2010.0.x86_64.rpm
 ee6b8d19c06c3eb2f8788da2db7edddf  2010.0/x86_64/rootcerts-20091203.03-1mdv2010.0.x86_64.rpm
 4fb436a141aaa73d1127deed6a035a31  2010.0/x86_64/rootcerts-java-20091203.03-1mdv2010.0.x86_64.rpm 
 ae48e0a5ab9388e24ae69364f7632bca  2010.0/SRPMS/nss-3.12.4-2.1mdv2010.0.src.rpm
 697faf2305877bcdff145927f2dabfb6  2010.0/SRPMS/rootcerts-20091203.03-1mdv2010.0.src.rpm

 Mandriva Enterprise Server 5:
 9e3c0256390bbac56702a52372b273a8  mes5/i586/libnss3-3.12.3.1-0.2mdvmes5.i586.rpm
 617d879d968da482f23bd801820fbffa  mes5/i586/libnss-devel-3.12.3.1-0.2mdvmes5.i586.rpm
 bff91ae01a5792c95dff87bf7f87ce89  mes5/i586/libnss-static-devel-3.12.3.1-0.2mdvmes5.i586.rpm
 6dafb65324f41f5a2ec1902d4ff04b49  mes5/i586/nss-3.12.3.1-0.2mdvmes5.i586.rpm
 904ac265c92760cd9d15080dd95492ec  mes5/i586/rootcerts-20091203.03-1mdvmes5.i586.rpm
 89c07fff652242de2ce576d34eb1e18f  mes5/i586/rootcerts-java-20091203.03-1mdvmes5.i586.rpm 
 78b7e60062171bf18387e073836f5e4f  mes5/SRPMS/nss-3.12.3.1-0.2mdvmes5.src.rpm
 70cd6b9f7ab935b99a39fc3dfc736282  mes5/SRPMS/rootcerts-20091203.03-1mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 5424ae0f7ad6c6f38316699b3f788e3a  mes5/x86_64/lib64nss3-3.12.3.1-0.2mdvmes5.x86_64.rpm
 f3054b9907dc3d048b42b8c8a5ac9f37  mes5/x86_64/lib64nss-devel-3.12.3.1-0.2mdvmes5.x86_64.rpm
 70d39b44d6c2a2892117c882c6d27e15  mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.2mdvmes5.x86_64.rpm
 d37a25789508d6b35e5d26eda998e47e  mes5/x86_64/nss-3.12.3.1-0.2mdvmes5.x86_64.rpm
 a90afa1beba9bcbb38ba4bb1a7854145  mes5/x86_64/rootcerts-20091203.03-1mdvmes5.x86_64.rpm
 e802a464f7000a3bcd37df0ab35b1b22  mes5/x86_64/rootcerts-java-20091203.03-1mdvmes5.x86_64.rpm 
 78b7e60062171bf18387e073836f5e4f  mes5/SRPMS/nss-3.12.3.1-0.2mdvmes5.src.rpm
 70cd6b9f7ab935b99a39fc3dfc736282  mes5/SRPMS/rootcerts-20091203.03-1mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLYf2xmqjQ0CJFipgRAvUFAKDvpCsZlGJM25Q1x0G1T3A2CHnJlQCfc0q1
Hsd/ode/lSdsS2FRnVodrYM=
=cwM6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ