lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Nd48a-0006eU-Vx@titan.mandriva.com>
Date: Thu, 04 Feb 2010 17:01:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:032 ] rootcerts


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:032
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : rootcerts
 Date    : February 4, 2010
 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 It was brought to our attention by Ludwig Nussel at SUSE the md5
 collision certificate should not be included. This update removes
 the offending certificate.
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The mozilla nss library has consequently been rebuilt to pickup these
 changes and are also being provided.
 _______________________________________________________________________

 References:

 http://www.phreedom.org/research/rogue-ca/
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 c0be9cd2cbe32ecf0cbe9efcc6b48bcf  2008.0/i586/libnss3-3.12.3.1-0.3mdv2008.0.i586.rpm
 4c85c05a4963b29efbe93324a73c0119  2008.0/i586/libnss-devel-3.12.3.1-0.3mdv2008.0.i586.rpm
 78ea532897f095f3f0d022fb5196b310  2008.0/i586/libnss-static-devel-3.12.3.1-0.3mdv2008.0.i586.rpm
 faa1a9f6d4ea0779c50d89b0995eb878  2008.0/i586/nss-3.12.3.1-0.3mdv2008.0.i586.rpm
 b97cacbe47f6f4621bdf001c1a52279f  2008.0/i586/rootcerts-20091203.04-1mdv2008.0.i586.rpm 
 b77f8a14ff4d042fb56df39fcdc8c6b4  2008.0/SRPMS/nss-3.12.3.1-0.3mdv2008.0.src.rpm
 fc9bc5da8d92ed59ca9e1116fc1e1066  2008.0/SRPMS/rootcerts-20091203.04-1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 ac8d7f4bcc518b7b114708e04ef2a81c  2008.0/x86_64/lib64nss3-3.12.3.1-0.3mdv2008.0.x86_64.rpm
 7fd80d8e75bc863e8cc156f8eda34c99  2008.0/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2008.0.x86_64.rpm
 7e257ca13d9b4e5671e12014f8454fcd  2008.0/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2008.0.x86_64.rpm
 2890ad45cde084278e6c1aa41518616f  2008.0/x86_64/nss-3.12.3.1-0.3mdv2008.0.x86_64.rpm
 1f4c8926245d72f28ee8f558367cb310  2008.0/x86_64/rootcerts-20091203.04-1mdv2008.0.x86_64.rpm 
 b77f8a14ff4d042fb56df39fcdc8c6b4  2008.0/SRPMS/nss-3.12.3.1-0.3mdv2008.0.src.rpm
 fc9bc5da8d92ed59ca9e1116fc1e1066  2008.0/SRPMS/rootcerts-20091203.04-1mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 1e7275412d2d4b737a3aa661bb5b0c50  2009.0/i586/libnss3-3.12.3.1-0.3mdv2009.0.i586.rpm
 2f253257d1140719dbccf85637373c2b  2009.0/i586/libnss-devel-3.12.3.1-0.3mdv2009.0.i586.rpm
 65eca7cfcce65b60e69e95e8ba751621  2009.0/i586/libnss-static-devel-3.12.3.1-0.3mdv2009.0.i586.rpm
 fa8c65e3c9907d1a7724b749acd2b665  2009.0/i586/nss-3.12.3.1-0.3mdv2009.0.i586.rpm
 67dc4b43b2c5b258673fcd164a9b9c4d  2009.0/i586/rootcerts-20091203.04-1mdv2009.0.i586.rpm
 4186a8c454fae03ce21ef73a73e27a4d  2009.0/i586/rootcerts-java-20091203.04-1mdv2009.0.i586.rpm 
 5b7822e13fb0b95668be13e39158e069  2009.0/SRPMS/nss-3.12.3.1-0.3mdv2009.0.src.rpm
 8ba6271c1c615620593cd84e1d173d00  2009.0/SRPMS/rootcerts-20091203.04-1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 20c00afa062067ab98741c44f319afb1  2009.0/x86_64/lib64nss3-3.12.3.1-0.3mdv2009.0.x86_64.rpm
 a4251bc21bf5af1c08509d2bd9c76212  2009.0/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2009.0.x86_64.rpm
 81a3bbe448dc979799f6062b3fe0c2c6  2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2009.0.x86_64.rpm
 913011d490c5147d3b1ee34ba8be1ab2  2009.0/x86_64/nss-3.12.3.1-0.3mdv2009.0.x86_64.rpm
 10e756644972160ea696dddf9c96803f  2009.0/x86_64/rootcerts-20091203.04-1mdv2009.0.x86_64.rpm
 d67b2fdc4ed9bfbe87dcd57df0187038  2009.0/x86_64/rootcerts-java-20091203.04-1mdv2009.0.x86_64.rpm 
 5b7822e13fb0b95668be13e39158e069  2009.0/SRPMS/nss-3.12.3.1-0.3mdv2009.0.src.rpm
 8ba6271c1c615620593cd84e1d173d00  2009.0/SRPMS/rootcerts-20091203.04-1mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 df7500efc910c929ff5ba7746c6dabeb  2009.1/i586/libnss3-3.12.3.1-0.3mdv2009.1.i586.rpm
 d3b0b27b327cb504cd4b05777ed55fa8  2009.1/i586/libnss-devel-3.12.3.1-0.3mdv2009.1.i586.rpm
 4323ce43b907753870dc288d7f2e640e  2009.1/i586/libnss-static-devel-3.12.3.1-0.3mdv2009.1.i586.rpm
 cd365d77dd94c02912d469ce5215beb5  2009.1/i586/nss-3.12.3.1-0.3mdv2009.1.i586.rpm
 0570308849f28b09a876d72fc47836e6  2009.1/i586/rootcerts-20091203.04-1mdv2009.1.i586.rpm
 2dedbde7d658cf77b302ad9f7b051357  2009.1/i586/rootcerts-java-20091203.04-1mdv2009.1.i586.rpm 
 1f4f9447cce88026fc67d3dbd2413de3  2009.1/SRPMS/nss-3.12.3.1-0.3mdv2009.1.src.rpm
 e6acad2a8a3e795c19a885c9a8e77e30  2009.1/SRPMS/rootcerts-20091203.04-1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 38948df2bcdfc9b34cadc1b16a0f67a9  2009.1/x86_64/lib64nss3-3.12.3.1-0.3mdv2009.1.x86_64.rpm
 e2f6989e17ab71c6d24b29cc543ea7af  2009.1/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2009.1.x86_64.rpm
 c7b8d609c5fc1f11bfc5ee743906e288  2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2009.1.x86_64.rpm
 c221f46ba77caacd158708e3a913d211  2009.1/x86_64/nss-3.12.3.1-0.3mdv2009.1.x86_64.rpm
 29a5204bfa28b1cccbf1c071047d2073  2009.1/x86_64/rootcerts-20091203.04-1mdv2009.1.x86_64.rpm
 dc7d3c85103609c70b755d9a21938563  2009.1/x86_64/rootcerts-java-20091203.04-1mdv2009.1.x86_64.rpm 
 1f4f9447cce88026fc67d3dbd2413de3  2009.1/SRPMS/nss-3.12.3.1-0.3mdv2009.1.src.rpm
 e6acad2a8a3e795c19a885c9a8e77e30  2009.1/SRPMS/rootcerts-20091203.04-1mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 2be08ef724b95d7a6e704321e07fa10e  2010.0/i586/libnss3-3.12.4-2.2mdv2010.0.i586.rpm
 ed12884eced5f6cd0c508c7f99a1da21  2010.0/i586/libnss-devel-3.12.4-2.2mdv2010.0.i586.rpm
 632d90069e3f168a56d1154c9614d907  2010.0/i586/libnss-static-devel-3.12.4-2.2mdv2010.0.i586.rpm
 a086ad0e94373ba3c41d14e30adbe9d0  2010.0/i586/nss-3.12.4-2.2mdv2010.0.i586.rpm
 e984c6277a2652bce16c386291ca9f14  2010.0/i586/rootcerts-20091203.04-1mdv2010.0.i586.rpm
 de701ae417835f8d258ba4920af03ce2  2010.0/i586/rootcerts-java-20091203.04-1mdv2010.0.i586.rpm 
 c90c11d64a63966caff483436d1369a2  2010.0/SRPMS/nss-3.12.4-2.2mdv2010.0.src.rpm
 0366a795cffe41abf644a4d251fd5cd1  2010.0/SRPMS/rootcerts-20091203.04-1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 0f7bad4f8db6fbc5b46345b616569f82  2010.0/x86_64/lib64nss3-3.12.4-2.2mdv2010.0.x86_64.rpm
 a3780118c20d0968b697768078a91140  2010.0/x86_64/lib64nss-devel-3.12.4-2.2mdv2010.0.x86_64.rpm
 bd97fde246cfaa89521d1fe519ac504f  2010.0/x86_64/lib64nss-static-devel-3.12.4-2.2mdv2010.0.x86_64.rpm
 555dfd2280715adf5ecf878392f412f7  2010.0/x86_64/nss-3.12.4-2.2mdv2010.0.x86_64.rpm
 a85ef46a3f7390e525499da8cb517b28  2010.0/x86_64/rootcerts-20091203.04-1mdv2010.0.x86_64.rpm
 f10c590d898002ef12a7836a6c946810  2010.0/x86_64/rootcerts-java-20091203.04-1mdv2010.0.x86_64.rpm 
 c90c11d64a63966caff483436d1369a2  2010.0/SRPMS/nss-3.12.4-2.2mdv2010.0.src.rpm
 0366a795cffe41abf644a4d251fd5cd1  2010.0/SRPMS/rootcerts-20091203.04-1mdv2010.0.src.rpm

 Mandriva Enterprise Server 5:
 9fa3e7b43ab7dd6b71e93f7d7a530d9b  mes5/i586/libnss3-3.12.3.1-0.3mdvmes5.i586.rpm
 17c13b7371d4461e4590f3296b164d01  mes5/i586/libnss-devel-3.12.3.1-0.3mdvmes5.i586.rpm
 fa7e5b35446a4b15fee350e4eb6469de  mes5/i586/libnss-static-devel-3.12.3.1-0.3mdvmes5.i586.rpm
 5d47263f3e2fe1d6eca529fbc41e1a45  mes5/i586/nss-3.12.3.1-0.3mdvmes5.i586.rpm
 be3d17c8e3b70b2eea882d145a15ad3c  mes5/i586/rootcerts-20091203.04-1mdvmes5.i586.rpm
 afb96495ab464ee24a66857b3a81d56b  mes5/i586/rootcerts-java-20091203.04-1mdvmes5.i586.rpm 
 f62814393267a1208020f4d0033dd525  mes5/SRPMS/nss-3.12.3.1-0.3mdvmes5.src.rpm
 73ce2343464a93c3bc85b07a8781fd2e  mes5/SRPMS/rootcerts-20091203.04-1mdv2010.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 9d251b020faa05a233856ccae1ca5e4e  mes5/x86_64/lib64nss3-3.12.3.1-0.3mdvmes5.x86_64.rpm
 78e80398614e4f7968c9617a3020829a  mes5/x86_64/lib64nss-devel-3.12.3.1-0.3mdvmes5.x86_64.rpm
 566d190a3eb0a7aa9465ef58eb228b18  mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdvmes5.x86_64.rpm
 9ceff03efa5892bfef7032a2261ee136  mes5/x86_64/nss-3.12.3.1-0.3mdvmes5.x86_64.rpm
 5d5e4319fdc03572a356934a61879e86  mes5/x86_64/rootcerts-20091203.04-1mdvmes5.x86_64.rpm
 84cd50aafe7321078026fb9a82ee2c33  mes5/x86_64/rootcerts-java-20091203.04-1mdvmes5.x86_64.rpm 
 f62814393267a1208020f4d0033dd525  mes5/SRPMS/nss-3.12.3.1-0.3mdvmes5.src.rpm
 73ce2343464a93c3bc85b07a8781fd2e  mes5/SRPMS/rootcerts-20091203.04-1mdv2010.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLasA8mqjQ0CJFipgRAvWTAJ9q+4DLAscYRneWfm/GEfwYzIWJngCglu3b
6Ze+ZosQNiAPdmdu0mRM2Pk=
=xf3+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ