=========================================================== Ubuntu Security Notice USN-927-2 April 11, 2010 nss regression https://launchpad.net/bugs/559881 ===========================================================
A security issue affects the following Ubuntu releases: Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: libnss3-1d 3.12.6-0ubuntu0.9.10.2 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: USN-927-1 fixed vulnerabilities in NSS. Upstream NSS 3.12.6 added an additional checksum verification on libnssdbm3.so, but the Ubuntu packaging did not create this checksum. As a result, Firefox could not initialize the security component when the NSS Internal FIPS PKCS #11 Module was enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.2.diff.gz Size/MD5: 36659 1c82d002115ed4a76dc98d33ef5c839c http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.10.2.dsc Size/MD5: 1651 41544d2843858123ad5852de1587744c http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_amd64.deb Size/MD5: 3235700 8227d9d710a9784750fc541f82d85101 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_amd64.deb Size/MD5: 1234558 f8db18eb4fec7df4387e5e546ea99871 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_amd64.deb Size/MD5: 263208 692167e64c00a9990af72a28299b4fbb http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_amd64.deb Size/MD5: 17854 f9fa214108ab20d8fe4d61567a86d7c0 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_amd64.deb Size/MD5: 313212 4ae57dcb06572bcdc1e311977a965c55 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_i386.deb Size/MD5: 3178422 4a141b3f01631497184c0bb260a212f3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_i386.deb Size/MD5: 1119994 8e4bfbd067aa051603306ce57949ce51 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_i386.deb Size/MD5: 260530 c61feb6f65d7419f93f355a5f0755917 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_i386.deb Size/MD5: 17856 05ac21be0089e816c076f8707d41d21b http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_i386.deb Size/MD5: 299834 26d317dc29710b27dd0d0b7a36b6c2a1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_lpia.deb Size/MD5: 3216556 9230b137f92129c304dddfc5c67853fe http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_lpia.deb Size/MD5: 1095892 9566ecb3416bd99ba0e6288505626fe9 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_lpia.deb Size/MD5: 259484 0236cb25267ac3ca1b3bfd586d14d26d http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_lpia.deb Size/MD5: 17858 ecb362aec61c87f1cfc4e86cd2dec5cb http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_lpia.deb Size/MD5: 298510 2977f41a1b2fcf7ca25b331336f7dc8f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_powerpc.deb Size/MD5: 3325490 ac9caf32bab4d4b911d1c54112583b65 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_powerpc.deb Size/MD5: 1207122 99b17d40842c1804ee23d19e4a7ffaa0 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_powerpc.deb Size/MD5: 261820 f46b59e90bf4ff07ca79b5d404f372ed http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_powerpc.deb Size/MD5: 17858 dca2efb9e1426ff39c55008eaf942926 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_powerpc.deb Size/MD5: 311022 da3a483c19347cd667c11d8a989d15aa sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.10.2_sparc.deb Size/MD5: 2967780 e3456024e64ee1d14b5b754a93840ac7 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.10.2_sparc.deb Size/MD5: 1074620 202e630d20824b2d4e2614d11d86c2c4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.10.2_sparc.deb Size/MD5: 257422 fa69b29c59fe334d65d433ab11febbed http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.10.2_sparc.deb Size/MD5: 17856 287ae523a22a8049d3d1c802d5760b83 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.10.2_sparc.deb Size/MD5: 299970 ed1b8755bc1e9da16a08c82ebfecf0fd
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/