[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1279876434.29936.2.camel@luna>
Date: Fri, 23 Jul 2010 11:13:54 +0200
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-927-6] NSS vulnerability
===========================================================
Ubuntu Security Notice USN-927-6 July 23, 2010
nss vulnerability
CVE-2009-3555
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
libnss3-1d 3.12.6-0ubuntu0.9.04.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the
corresponding updates for Ubuntu 9.04.
Original advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds support for the new
new renegotiation extension and will use it when the server supports it.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz
Size/MD5: 36776 09e94267337a3318b4955b7a830f5244
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc
Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 263110 37bf5e46dc372000a1932336ded61143
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 1112446 64e165966e297b247e220aa017851248
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 17790 6a4afb594384085b41502911476f9d27
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 17788 217da64905b090392eb4acfa43d282c2
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 17794 2f08b7d40b6069754762083051c03f27
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620
--
Jamie Strandboge | http://www.canonical.com
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists