[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1277840357.7543.42.camel@luna>
Date: Tue, 29 Jun 2010 14:39:17 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq <bugtraq@...urityfocus.com>
Subject: [USN-927-5] nspr update
===========================================================
Ubuntu Security Notice USN-927-5 June 29, 2010
nspr update
https://launchpad.net/bugs/599920
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libnspr4-0d 4.8-0ubuntu0.8.04.1
After a standard system upgrade you need to restart any applications that
use NSPR, such as Firefox, to effect the necessary changes.
Details follow:
USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS.
Original advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds support for the new
new renegotiation extension and will use it when the server supports it.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.8.04.1.diff.gz
Size/MD5: 25304 a89005f28a3550016bfc1e1b03a62b47
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.8.04.1.dsc
Size/MD5: 1538 34d6a5c74bd116bd51e3dd57cdad1bfb
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8.orig.tar.gz
Size/MD5: 1170419 e0916a72bcc6c427551ea262183fdb26
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 287818 ccd48e60c0fc94bb62ce357876d0b8ec
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 131152 a5dc7f6fe850270775c07dbd06c33b25
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_amd64.deb
Size/MD5: 272486 11cd7f75d678ab8c4f51cdfb2e56b6fa
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_i386.deb
Size/MD5: 279448 ef823fec69f35a619582f48731559c2a
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_i386.deb
Size/MD5: 120418 cb1d35868cebbcaa3be4ad1b62cb4565
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_i386.deb
Size/MD5: 259106 9432f78ec57a2b9238e8b9e810286246
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 282710 0155f10a5a55ef199630ee74fb84310d
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 118914 ee8aa23a538679e11ec58e1aaa8538fe
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_lpia.deb
Size/MD5: 254744 449f1f6c5a296a5cf052dd1cde3634e4
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 289602 2f7d533c65882b5239ea50a86ce8e6ba
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 134550 24887e23d18fcb7453c064e269556595
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_powerpc.deb
Size/MD5: 266454 769f2f664f8e9cd2552ee7227a876d44
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 265440 a14c8b3841b429218a70126605bb383c
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 118014 98544a4737bdb0be89fc3e2dcd0b00f3
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_sparc.deb
Size/MD5: 254672 90862aaf37e0c8695dfd7e5d5cef6342
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists