lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1277840357.7543.42.camel@luna>
Date: Tue, 29 Jun 2010 14:39:17 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq <bugtraq@...urityfocus.com>
Subject: [USN-927-5] nspr update

===========================================================
Ubuntu Security Notice USN-927-5              June 29, 2010
nspr update
https://launchpad.net/bugs/599920
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnspr4-0d                     4.8-0ubuntu0.8.04.1

After a standard system upgrade you need to restart any applications that
use NSPR, such as Firefox, to effect the necessary changes.

Details follow:

USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS.

Original advisory details:

 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
 protocols. If an attacker could perform a man in the middle attack at the
 start of a TLS connection, the attacker could inject arbitrary content at
 the beginning of the user's session. This update adds support for the new
 new renegotiation extension and will use it when the server supports it.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.8.04.1.diff.gz
      Size/MD5:    25304 a89005f28a3550016bfc1e1b03a62b47
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.8.04.1.dsc
      Size/MD5:     1538 34d6a5c74bd116bd51e3dd57cdad1bfb
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8.orig.tar.gz
      Size/MD5:  1170419 e0916a72bcc6c427551ea262183fdb26

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:   287818 ccd48e60c0fc94bb62ce357876d0b8ec
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:   131152 a5dc7f6fe850270775c07dbd06c33b25
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:   272486 11cd7f75d678ab8c4f51cdfb2e56b6fa

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_i386.deb
      Size/MD5:   279448 ef823fec69f35a619582f48731559c2a
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_i386.deb
      Size/MD5:   120418 cb1d35868cebbcaa3be4ad1b62cb4565
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_i386.deb
      Size/MD5:   259106 9432f78ec57a2b9238e8b9e810286246

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:   282710 0155f10a5a55ef199630ee74fb84310d
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:   118914 ee8aa23a538679e11ec58e1aaa8538fe
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:   254744 449f1f6c5a296a5cf052dd1cde3634e4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   289602 2f7d533c65882b5239ea50a86ce8e6ba
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   134550 24887e23d18fcb7453c064e269556595
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   266454 769f2f664f8e9cd2552ee7227a876d44

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:   265440 a14c8b3841b429218a70126605bb383c
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:   118014 98544a4737bdb0be89fc3e2dcd0b00f3
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:   254672 90862aaf37e0c8695dfd7e5d5cef6342




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ