Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-927-4] nss vulnerability
From: Jamie Strandboge <jamie () canonical com>
Date: Tue, 29 Jun 2010 14:21:00 -0500

===========================================================
Ubuntu Security Notice USN-927-4              June 29, 2010
nss vulnerability
CVE-2009-3555
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnss3-1d                      3.12.6-0ubuntu0.8.04.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides
the corresponding updates for Ubuntu 8.04 LTS.

Original advisory details:

 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
 protocols. If an attacker could perform a man in the middle attack at the
 start of a TLS connection, the attacker could inject arbitrary content at
 the beginning of the user's session. This update adds support for the new
 new renegotiation extension and will use it when the server supports it.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.diff.gz
      Size/MD5:    37346 6a94c48e52a5f2472f89c948c6121e87
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.8.04.1.dsc
      Size/MD5:     1651 dac6db68fa9de3c92e12f272dc8526e5
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
      Size/MD5:  5947630 da42596665f226de5eb3ecfc1ec57cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:    18658 08036515d5ef96b7f2b20912085616bb
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:  3214690 7b7b6d770bbe831a6db15f3b075be48a
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:  1181818 75d3627ffc4f26c7e51a3c9d8e6d841a
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:   262768 7e1814225954057dc2df6226f822246f
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:   313888 98ac46a0e05fd5b8bc17741e37a06a32

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_i386.deb
      Size/MD5:    18632 e6f8e62eb98c1385d85ca9cbe49a7257
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_i386.deb
      Size/MD5:  3063554 40deebbe99b442e09452c2e6245b2f7b
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_i386.deb
      Size/MD5:  1073332 2583f6e4d6ba5e29bee7123035e5c7b1
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_i386.deb
      Size/MD5:   259996 4050c11d7aa41505102be2ebacb575d3
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_i386.deb
      Size/MD5:   296448 55e5a681b812b6caf23c440b475f6fa1

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:    18626 337d03cb5e7441c778f01de6f67436bf
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:  3096098 20ea53d1c6c648d5bafca348d54b267e
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:  1050356 8fb5698de23d546dd5cad816af7f8a88
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:   258850 156f07acae47a5f0ac63acdf5038d44f
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:   293704 5b70600519c6130cf577c4f15f7f4350

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:    21098 9cf7367deb2f2f1c52a3f07ad2e6695a
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:  3179272 11c203af481503da1b1384ad7607d659
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:  1179728 ff3634e2bddc7e23e7bc68eee1214950
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   261728 728c6e12354eed8bf813af0531dcd0ea
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   326690 6319e7b0a414fe476e932f8d9312d93e

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.6-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:    18726 68631257ee138b336776c77793e3771a
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:  2887714 e36c0930f015a8470d08b42e322cf5ab
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:  1055104 6a8d5cdde08302883ddc8ee689a22ae4
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:   256862 7c44db799ed6df870989b547569f20b8
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:   301452 f88662f344801dbd5079740cdc970230



Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-927-4] nss vulnerability Jamie Strandboge (Jun 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]