[USN-927-6] NSS vulnerability

Jamie Strandboge jamie at canonical.com
Fri Jul 23 10:13:54 BST 2010


===========================================================
Ubuntu Security Notice USN-927-6              July 23, 2010
nss vulnerability
CVE-2009-3555
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  libnss3-1d                      3.12.6-0ubuntu0.9.04.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the
corresponding updates for Ubuntu 9.04.

Original advisory details:

 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
 protocols. If an attacker could perform a man in the middle attack at the
 start of a TLS connection, the attacker could inject arbitrary content at
 the beginning of the user's session. This update adds support for the new
 new renegotiation extension and will use it when the server supports it.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz
      Size/MD5:    36776 09e94267337a3318b4955b7a830f5244
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc
      Size/MD5:     1651 a682fa17ab7385f06eae108e3b8eeb76
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
      Size/MD5:  5947630 da42596665f226de5eb3ecfc1ec57cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:  3355322 1901b0a2e9022baccca540cb776da507
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:  1230706 a5be600c34d6c62f3c7c7d9fe8fe6807
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   263110 37bf5e46dc372000a1932336ded61143
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:    17788 cb888df2baa2d06cf98091f1bd033496
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   318718 77e6de51c2beebe6a2570e1f70069d91

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb
      Size/MD5:  3181812 ab6888c9709c1101e0f07bda925ea76b
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb
      Size/MD5:  1112446 64e165966e297b247e220aa017851248
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   260434 6dc65e066be54da5a4ad7e784c37fa49
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb
      Size/MD5:    17790 6a4afb594384085b41502911476f9d27
    http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   301968 a5f1eb30b4dd64bbac568873ad700887

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:  3220356 1bed6847d860f8dd0a845062cf227322
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:  1085226 c5e07d7711f257888071d97ff551f42e
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   259084 d6424f00ee83eaf9abb433768edb37c2
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:    17788 217da64905b090392eb4acfa43d282c2
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   297772 7f223b5673372154a73cf84c9ed6bfda

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:  3330434 d4c4fe0a437c5f2dd20b81df2cf936b5
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:  1202898 b27bda4a282c5b46733dcc21519cc4b6
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   262126 bb796b31d740e38581a37003a89c18a5
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:    17794 0109fab35491b7f7f6e8d9649acbd728
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   323344 8e6f667e0df078a4b68d72acddfc3326

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:  2988064 97a10a1098bc541808ead09dcb1711c5
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:  1074248 4de13c4f7e970d56fa65e6f0e472f320
    http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   257214 d1ee26bd6f9e26f93f8b8af403d41b1a
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:    17794 2f08b7d40b6069754762083051c03f27
    http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   303452 b1dc3dbcbf441a81ef5005e72ad60620



-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20100723/4f2c91a7/attachment.pgp 


More information about the ubuntu-security-announce mailing list