[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Nd48a-0006eU-Vx@titan.mandriva.com>
Date: Thu, 04 Feb 2010 17:01:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:032 ] rootcerts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:032
http://www.mandriva.com/security/
_______________________________________________________________________
Package : rootcerts
Date : February 4, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
It was brought to our attention by Ludwig Nussel at SUSE the md5
collision certificate should not be included. This update removes
the offending certificate.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The mozilla nss library has consequently been rebuilt to pickup these
changes and are also being provided.
_______________________________________________________________________
References:
http://www.phreedom.org/research/rogue-ca/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
c0be9cd2cbe32ecf0cbe9efcc6b48bcf 2008.0/i586/libnss3-3.12.3.1-0.3mdv2008.0.i586.rpm
4c85c05a4963b29efbe93324a73c0119 2008.0/i586/libnss-devel-3.12.3.1-0.3mdv2008.0.i586.rpm
78ea532897f095f3f0d022fb5196b310 2008.0/i586/libnss-static-devel-3.12.3.1-0.3mdv2008.0.i586.rpm
faa1a9f6d4ea0779c50d89b0995eb878 2008.0/i586/nss-3.12.3.1-0.3mdv2008.0.i586.rpm
b97cacbe47f6f4621bdf001c1a52279f 2008.0/i586/rootcerts-20091203.04-1mdv2008.0.i586.rpm
b77f8a14ff4d042fb56df39fcdc8c6b4 2008.0/SRPMS/nss-3.12.3.1-0.3mdv2008.0.src.rpm
fc9bc5da8d92ed59ca9e1116fc1e1066 2008.0/SRPMS/rootcerts-20091203.04-1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
ac8d7f4bcc518b7b114708e04ef2a81c 2008.0/x86_64/lib64nss3-3.12.3.1-0.3mdv2008.0.x86_64.rpm
7fd80d8e75bc863e8cc156f8eda34c99 2008.0/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2008.0.x86_64.rpm
7e257ca13d9b4e5671e12014f8454fcd 2008.0/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2008.0.x86_64.rpm
2890ad45cde084278e6c1aa41518616f 2008.0/x86_64/nss-3.12.3.1-0.3mdv2008.0.x86_64.rpm
1f4c8926245d72f28ee8f558367cb310 2008.0/x86_64/rootcerts-20091203.04-1mdv2008.0.x86_64.rpm
b77f8a14ff4d042fb56df39fcdc8c6b4 2008.0/SRPMS/nss-3.12.3.1-0.3mdv2008.0.src.rpm
fc9bc5da8d92ed59ca9e1116fc1e1066 2008.0/SRPMS/rootcerts-20091203.04-1mdv2008.0.src.rpm
Mandriva Linux 2009.0:
1e7275412d2d4b737a3aa661bb5b0c50 2009.0/i586/libnss3-3.12.3.1-0.3mdv2009.0.i586.rpm
2f253257d1140719dbccf85637373c2b 2009.0/i586/libnss-devel-3.12.3.1-0.3mdv2009.0.i586.rpm
65eca7cfcce65b60e69e95e8ba751621 2009.0/i586/libnss-static-devel-3.12.3.1-0.3mdv2009.0.i586.rpm
fa8c65e3c9907d1a7724b749acd2b665 2009.0/i586/nss-3.12.3.1-0.3mdv2009.0.i586.rpm
67dc4b43b2c5b258673fcd164a9b9c4d 2009.0/i586/rootcerts-20091203.04-1mdv2009.0.i586.rpm
4186a8c454fae03ce21ef73a73e27a4d 2009.0/i586/rootcerts-java-20091203.04-1mdv2009.0.i586.rpm
5b7822e13fb0b95668be13e39158e069 2009.0/SRPMS/nss-3.12.3.1-0.3mdv2009.0.src.rpm
8ba6271c1c615620593cd84e1d173d00 2009.0/SRPMS/rootcerts-20091203.04-1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
20c00afa062067ab98741c44f319afb1 2009.0/x86_64/lib64nss3-3.12.3.1-0.3mdv2009.0.x86_64.rpm
a4251bc21bf5af1c08509d2bd9c76212 2009.0/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2009.0.x86_64.rpm
81a3bbe448dc979799f6062b3fe0c2c6 2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2009.0.x86_64.rpm
913011d490c5147d3b1ee34ba8be1ab2 2009.0/x86_64/nss-3.12.3.1-0.3mdv2009.0.x86_64.rpm
10e756644972160ea696dddf9c96803f 2009.0/x86_64/rootcerts-20091203.04-1mdv2009.0.x86_64.rpm
d67b2fdc4ed9bfbe87dcd57df0187038 2009.0/x86_64/rootcerts-java-20091203.04-1mdv2009.0.x86_64.rpm
5b7822e13fb0b95668be13e39158e069 2009.0/SRPMS/nss-3.12.3.1-0.3mdv2009.0.src.rpm
8ba6271c1c615620593cd84e1d173d00 2009.0/SRPMS/rootcerts-20091203.04-1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
df7500efc910c929ff5ba7746c6dabeb 2009.1/i586/libnss3-3.12.3.1-0.3mdv2009.1.i586.rpm
d3b0b27b327cb504cd4b05777ed55fa8 2009.1/i586/libnss-devel-3.12.3.1-0.3mdv2009.1.i586.rpm
4323ce43b907753870dc288d7f2e640e 2009.1/i586/libnss-static-devel-3.12.3.1-0.3mdv2009.1.i586.rpm
cd365d77dd94c02912d469ce5215beb5 2009.1/i586/nss-3.12.3.1-0.3mdv2009.1.i586.rpm
0570308849f28b09a876d72fc47836e6 2009.1/i586/rootcerts-20091203.04-1mdv2009.1.i586.rpm
2dedbde7d658cf77b302ad9f7b051357 2009.1/i586/rootcerts-java-20091203.04-1mdv2009.1.i586.rpm
1f4f9447cce88026fc67d3dbd2413de3 2009.1/SRPMS/nss-3.12.3.1-0.3mdv2009.1.src.rpm
e6acad2a8a3e795c19a885c9a8e77e30 2009.1/SRPMS/rootcerts-20091203.04-1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
38948df2bcdfc9b34cadc1b16a0f67a9 2009.1/x86_64/lib64nss3-3.12.3.1-0.3mdv2009.1.x86_64.rpm
e2f6989e17ab71c6d24b29cc543ea7af 2009.1/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2009.1.x86_64.rpm
c7b8d609c5fc1f11bfc5ee743906e288 2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2009.1.x86_64.rpm
c221f46ba77caacd158708e3a913d211 2009.1/x86_64/nss-3.12.3.1-0.3mdv2009.1.x86_64.rpm
29a5204bfa28b1cccbf1c071047d2073 2009.1/x86_64/rootcerts-20091203.04-1mdv2009.1.x86_64.rpm
dc7d3c85103609c70b755d9a21938563 2009.1/x86_64/rootcerts-java-20091203.04-1mdv2009.1.x86_64.rpm
1f4f9447cce88026fc67d3dbd2413de3 2009.1/SRPMS/nss-3.12.3.1-0.3mdv2009.1.src.rpm
e6acad2a8a3e795c19a885c9a8e77e30 2009.1/SRPMS/rootcerts-20091203.04-1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
2be08ef724b95d7a6e704321e07fa10e 2010.0/i586/libnss3-3.12.4-2.2mdv2010.0.i586.rpm
ed12884eced5f6cd0c508c7f99a1da21 2010.0/i586/libnss-devel-3.12.4-2.2mdv2010.0.i586.rpm
632d90069e3f168a56d1154c9614d907 2010.0/i586/libnss-static-devel-3.12.4-2.2mdv2010.0.i586.rpm
a086ad0e94373ba3c41d14e30adbe9d0 2010.0/i586/nss-3.12.4-2.2mdv2010.0.i586.rpm
e984c6277a2652bce16c386291ca9f14 2010.0/i586/rootcerts-20091203.04-1mdv2010.0.i586.rpm
de701ae417835f8d258ba4920af03ce2 2010.0/i586/rootcerts-java-20091203.04-1mdv2010.0.i586.rpm
c90c11d64a63966caff483436d1369a2 2010.0/SRPMS/nss-3.12.4-2.2mdv2010.0.src.rpm
0366a795cffe41abf644a4d251fd5cd1 2010.0/SRPMS/rootcerts-20091203.04-1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
0f7bad4f8db6fbc5b46345b616569f82 2010.0/x86_64/lib64nss3-3.12.4-2.2mdv2010.0.x86_64.rpm
a3780118c20d0968b697768078a91140 2010.0/x86_64/lib64nss-devel-3.12.4-2.2mdv2010.0.x86_64.rpm
bd97fde246cfaa89521d1fe519ac504f 2010.0/x86_64/lib64nss-static-devel-3.12.4-2.2mdv2010.0.x86_64.rpm
555dfd2280715adf5ecf878392f412f7 2010.0/x86_64/nss-3.12.4-2.2mdv2010.0.x86_64.rpm
a85ef46a3f7390e525499da8cb517b28 2010.0/x86_64/rootcerts-20091203.04-1mdv2010.0.x86_64.rpm
f10c590d898002ef12a7836a6c946810 2010.0/x86_64/rootcerts-java-20091203.04-1mdv2010.0.x86_64.rpm
c90c11d64a63966caff483436d1369a2 2010.0/SRPMS/nss-3.12.4-2.2mdv2010.0.src.rpm
0366a795cffe41abf644a4d251fd5cd1 2010.0/SRPMS/rootcerts-20091203.04-1mdv2010.0.src.rpm
Mandriva Enterprise Server 5:
9fa3e7b43ab7dd6b71e93f7d7a530d9b mes5/i586/libnss3-3.12.3.1-0.3mdvmes5.i586.rpm
17c13b7371d4461e4590f3296b164d01 mes5/i586/libnss-devel-3.12.3.1-0.3mdvmes5.i586.rpm
fa7e5b35446a4b15fee350e4eb6469de mes5/i586/libnss-static-devel-3.12.3.1-0.3mdvmes5.i586.rpm
5d47263f3e2fe1d6eca529fbc41e1a45 mes5/i586/nss-3.12.3.1-0.3mdvmes5.i586.rpm
be3d17c8e3b70b2eea882d145a15ad3c mes5/i586/rootcerts-20091203.04-1mdvmes5.i586.rpm
afb96495ab464ee24a66857b3a81d56b mes5/i586/rootcerts-java-20091203.04-1mdvmes5.i586.rpm
f62814393267a1208020f4d0033dd525 mes5/SRPMS/nss-3.12.3.1-0.3mdvmes5.src.rpm
73ce2343464a93c3bc85b07a8781fd2e mes5/SRPMS/rootcerts-20091203.04-1mdv2010.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
9d251b020faa05a233856ccae1ca5e4e mes5/x86_64/lib64nss3-3.12.3.1-0.3mdvmes5.x86_64.rpm
78e80398614e4f7968c9617a3020829a mes5/x86_64/lib64nss-devel-3.12.3.1-0.3mdvmes5.x86_64.rpm
566d190a3eb0a7aa9465ef58eb228b18 mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdvmes5.x86_64.rpm
9ceff03efa5892bfef7032a2261ee136 mes5/x86_64/nss-3.12.3.1-0.3mdvmes5.x86_64.rpm
5d5e4319fdc03572a356934a61879e86 mes5/x86_64/rootcerts-20091203.04-1mdvmes5.x86_64.rpm
84cd50aafe7321078026fb9a82ee2c33 mes5/x86_64/rootcerts-java-20091203.04-1mdvmes5.x86_64.rpm
f62814393267a1208020f4d0033dd525 mes5/SRPMS/nss-3.12.3.1-0.3mdvmes5.src.rpm
73ce2343464a93c3bc85b07a8781fd2e mes5/SRPMS/rootcerts-20091203.04-1mdv2010.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLasA8mqjQ0CJFipgRAvWTAJ9q+4DLAscYRneWfm/GEfwYzIWJngCglu3b
6Ze+ZosQNiAPdmdu0mRM2Pk=
=xf3+
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists