[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1279876750.29936.4.camel@luna>
Date: Fri, 23 Jul 2010 11:19:10 +0200
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq <bugtraq@...urityfocus.com>
Subject: [USN-927-7] nspr update
===========================================================
Ubuntu Security Notice USN-927-7 July 23, 2010
nspr update
https://launchpad.net/bugs/599920
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
libnspr4-0d 4.8-0ubuntu0.9.04.1
After a standard system upgrade you need to restart any applications that
use NSPR, such as Firefox, to effect the necessary changes.
Details follow:
USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS.
Original advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at the
start of a TLS connection, the attacker could inject arbitrary content at
the beginning of the user's session. This update adds support for the new
new renegotiation extension and will use it when the server supports it.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.9.04.1.diff.gz
Size/MD5: 27026 f2398e87d490d3fcec3fb0cf6be4369e
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.9.04.1.dsc
Size/MD5: 1538 73ab6665a42a128aae384a57d336b339
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8.orig.tar.gz
Size/MD5: 1170419 e0916a72bcc6c427551ea262183fdb26
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 299974 dcd8d5e9686f5f7f99a8857dac45383c
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 134790 4b51097d2e6109e840355707e0259def
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 275134 8686b65317122f6a424307cd079239b0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_i386.deb
Size/MD5: 290400 1181db3e0a182a85380d0972767fe471
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_i386.deb
Size/MD5: 124714 43d66c5b716b96ae8a0d1528b37dd1a5
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_i386.deb
Size/MD5: 262838 a75f067e1e5acbe121c2117500b35f9e
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 294636 70bebd4c6b76ebb9c5142b8562ae17fe
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 123022 c353d7e06a660701f9a00f1c486c851c
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 258346 68fa5a2fd7b83f14256819eb92a7b320
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 302240 5fdd091450094dd2a98036a45f052042
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 138700 241261a023edac62998bf23af20cb5e2
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 271168 19b21e913ab0c795944b34f52e7851c1
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 276302 38b547b2c0124ef1f7d2486ea035f102
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 120370 169c60aa33f026b9cf5f922bac904e47
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 256322 62ba95c7de8f9288f6583e9d35dd7d22
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists