[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1277839260.7543.41.camel@luna>
Date: Tue, 29 Jun 2010 14:21:00 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-927-4] nss vulnerability
===========================================================
Ubuntu Security Notice USN-927-4 June 29, 2010
nss vulnerability
CVE-2009-3555
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libnss3-1d 3.12.6-0ubuntu0.8.04.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides
the corresponding updates for Ubuntu 8.04 LTS.
Original advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds support for the new
new renegotiation extension and will use it when the server supports it.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.diff.gz
Size/MD5: 37346 6a94c48e52a5f2472f89c948c6121e87
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.dsc
Size/MD5: 1651 dac6db68fa9de3c92e12f272dc8526e5
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 18658 08036515d5ef96b7f2b20912085616bb
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 3214690 7b7b6d770bbe831a6db15f3b075be48a
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 1181818 75d3627ffc4f26c7e51a3c9d8e6d841a
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 262768 7e1814225954057dc2df6226f822246f
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 313888 98ac46a0e05fd5b8bc17741e37a06a32
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_i386.deb
Size/MD5: 18632 e6f8e62eb98c1385d85ca9cbe49a7257
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_i386.deb
Size/MD5: 3063554 40deebbe99b442e09452c2e6245b2f7b
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_i386.deb
Size/MD5: 1073332 2583f6e4d6ba5e29bee7123035e5c7b1
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_i386.deb
Size/MD5: 259996 4050c11d7aa41505102be2ebacb575d3
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_i386.deb
Size/MD5: 296448 55e5a681b812b6caf23c440b475f6fa1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 18626 337d03cb5e7441c778f01de6f67436bf
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 3096098 20ea53d1c6c648d5bafca348d54b267e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 1050356 8fb5698de23d546dd5cad816af7f8a88
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 258850 156f07acae47a5f0ac63acdf5038d44f
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 293704 5b70600519c6130cf577c4f15f7f4350
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 21098 9cf7367deb2f2f1c52a3f07ad2e6695a
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 3179272 11c203af481503da1b1384ad7607d659
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 1179728 ff3634e2bddc7e23e7bc68eee1214950
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 261728 728c6e12354eed8bf813af0531dcd0ea
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 326690 6319e7b0a414fe476e932f8d9312d93e
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 18726 68631257ee138b336776c77793e3771a
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 2887714 e36c0930f015a8470d08b42e322cf5ab
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 1055104 6a8d5cdde08302883ddc8ee689a22ae4
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 256862 7c44db799ed6df870989b547569f20b8
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 301452 f88662f344801dbd5079740cdc970230
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists