[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100409224430.GA4704@severus.strandboge.com>
Date: Fri, 9 Apr 2010 17:44:30 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-927-1] NSS vulnerability
===========================================================
Ubuntu Security Notice USN-927-1 April 09, 2010
nss vulnerability
CVE-2009-3555
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
libnss3-1d 3.12.6-0ubuntu0.9.10.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds support for the new
new renegotiation extension and will use it when the server supports it.
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.1.diff.gz
Size/MD5: 36589 0b0b4b8d1dd122093fa815d69efbc89e
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.1.dsc
Size/MD5: 1651 a0117f537999a8c5a29dac921fe3db19
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 3235746 038ea8c22fc1adcec7c6eb94a2666e7f
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 1234192 6ce9b85ed07528c77d924d8949c85774
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 263144 cb7c75294d9ce22ed463935759f8546a
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 17752 041cb0b8d9ef5e7dbb4a7b6b21c68fed
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_amd64.deb
Size/MD5: 313120 9305a9fbe4473a5fbcb129052d3a9d5e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_i386.deb
Size/MD5: 3178260 f86edf83bfa1a693add3f9f9a5fce87d
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_i386.deb
Size/MD5: 1119650 7ea6f3113550c23ff2d786e8bb6826a9
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_i386.deb
Size/MD5: 260452 2be494403893cce2523e56003450381f
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_i386.deb
Size/MD5: 17758 84b68d14e2edafa15c4d85251a234509
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_i386.deb
Size/MD5: 299734 78c46aca04aae9369ba47dbbbd7b4ebb
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 3216586 542551cab0ad5b7d02469995f0138483
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 1095640 673d9d626476508b78b1c01ec14da360
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 259386 22bac19ca5b1faee3374cfa4d71ee0f6
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 17754 cf0945e1ee85107157e820fa4f1ee5c6
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_lpia.deb
Size/MD5: 298426 25cb3017432736f8fe127efc2cef8235
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Size/MD5: 3325392 71aa8238fa81e9eda6405450e9a15389
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Size/MD5: 1206786 5b3f8a2c91c7c8a58055f2bdf3b47ee3
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Size/MD5: 261718 e0f60fafda404bbcd749a1279bdd2601
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Size/MD5: 17758 ce3c85e4e6e53fff45bcbec8fac99ede
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_powerpc.deb
Size/MD5: 310922 acc562396e43692d342d0c44fe7e9131
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.1_sparc.deb
Size/MD5: 2967738 84df47285cec6cdb16b0065d5355ca85
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.1_sparc.deb
Size/MD5: 1074378 c73f91baf37dad435bb51de4b2e64e3e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.1_sparc.deb
Size/MD5: 257336 ea7048dc03a2264acc750bb5c7bf6f7b
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.1_sparc.deb
Size/MD5: 17758 5a7b808fbff5511d43d626dcf9e0df58
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.1_sparc.deb
Size/MD5: 299884 53a75a26c11e85067582ab05123d07fe
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists