lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1279876750.29936.4.camel@luna>
Date: Fri, 23 Jul 2010 11:19:10 +0200
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq <bugtraq@...urityfocus.com>
Subject: [USN-927-7] nspr update

===========================================================
Ubuntu Security Notice USN-927-7              July 23, 2010
nspr update
https://launchpad.net/bugs/599920
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  libnspr4-0d                     4.8-0ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that
use NSPR, such as Firefox, to effect the necessary changes.

Details follow:

USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS.

Original advisory details:

 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
 protocols. If an attacker could perform a man in the middle attack at the
 start of a TLS connection, the attacker could inject arbitrary content at
 the beginning of the user's session. This update adds support for the new
 new renegotiation extension and will use it when the server supports it.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.9.04.1.diff.gz
      Size/MD5:    27026 f2398e87d490d3fcec3fb0cf6be4369e
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.9.04.1.dsc
      Size/MD5:     1538 73ab6665a42a128aae384a57d336b339
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8.orig.tar.gz
      Size/MD5:  1170419 e0916a72bcc6c427551ea262183fdb26

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   299974 dcd8d5e9686f5f7f99a8857dac45383c
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   134790 4b51097d2e6109e840355707e0259def
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   275134 8686b65317122f6a424307cd079239b0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   290400 1181db3e0a182a85380d0972767fe471
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   124714 43d66c5b716b96ae8a0d1528b37dd1a5
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   262838 a75f067e1e5acbe121c2117500b35f9e

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   294636 70bebd4c6b76ebb9c5142b8562ae17fe
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   123022 c353d7e06a660701f9a00f1c486c851c
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   258346 68fa5a2fd7b83f14256819eb92a7b320

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   302240 5fdd091450094dd2a98036a45f052042
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   138700 241261a023edac62998bf23af20cb5e2
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   271168 19b21e913ab0c795944b34f52e7851c1

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   276302 38b547b2c0124ef1f7d2486ea035f102
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   120370 169c60aa33f026b9cf5f922bac904e47
    http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   256322 62ba95c7de8f9288f6583e9d35dd7d22




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ