=========================================================== Ubuntu Security Notice USN-810-1 August 04, 2009 nss vulnerabilities CVE-2009-2404, CVE-2009-2408, CVE-2009-2409 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libnss3-1d 3.12.3.1-0ubuntu0.8.04.1 Ubuntu 8.10: libnss3-1d 3.12.3.1-0ubuntu0.8.10.1 Ubuntu 9.04: libnss3-1d 3.12.3.1-0ubuntu0.9.04.1 After a standard system upgrade you need to restart an applications that use NSS, such as Firefox, to effect the necessary changes. Details follow: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz Size/MD5: 37286 f4041d128d758f5506197b1cf0f1214f http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc Size/MD5: 2012 401475ce9f7efa228d7b61671aa69c11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 18232 49a5581a19be7771ecdc65fb943e86d7 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3166090 074734f6e0fd51257999bdc0e38010f3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 1147016 ddc8dfd4f0cc77c129c5bb4b18b6612c http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 257780 f6d735c7c95478fe2992178e0d7781d4 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 312528 05d78cad52b8c5464350c9b191528e0e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 18200 2c088a165372b431416a5b6d9f54b80b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 3012554 50978f6f10b9f4c3918822d864d41aed http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 1040016 f0a52f96bd4f7bb7d8001b7ca5ace8d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 254880 c2151ff8a86f4119fcefa1f6c9ee7add http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 295096 f6fde2292ca35df9e6cac822d158e512 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 18190 cbc624cedbae82a39d3c47aaa8ffee38 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3041822 533fda14ea785417cababc58419a8fec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 1016224 1ed477ec2ffe3ac642cb7c29413842ab http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 253574 b9756509dcdeea8433a0f6bbe2dc27b7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 292466 55f2cf8c33f19f17cae613aca3ce71c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 20678 a26907dda711e1d13e8d597bee4689e0 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3125800 102117180150342cecff38e653963f66 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 1143852 f96cab41f4bf24cf4fa4686b3a963464 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 256600 e19a891112bea8df4f27fe569da9c951 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 324934 9aaac74bc3f6ec7f990f78d556c5ec09 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 18292 7e17d87ea08f93759ed7784705d82453 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 2834720 02b6284e651dcf2e6556378dcb730689 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 1019944 ee1829f9195609b3912994fc76788243 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 251578 09583a51b0814b53959af6d79a1b4f8c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 299484 0d12ed86aae10c56300bd7cefb2884ef Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz Size/MD5: 32769 d4e1fb5ca38687ad1e7532c457febc11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc Size/MD5: 2012 f98ccd513ae480ac7b56d7a4793758d3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 3310610 9f8e4b95d1019e3956a88745ce3888c4 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 1195070 21daa67a1f51cc4a942e41beb2da001f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 257586 89d972c2b67679eca265abac76d0687d http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 18296 8c1d95902c4f0e85c47a3ca941f0b48a http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 317026 11f10cc940951638cf5cac0e6e2f7ded i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 3137262 2ae6e2fa5e934a5fa27e14cedcdc74b6 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 1076898 59318f3e92b12686695704ef33074dc0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 254686 b0dc3ec378ea87afff4a6d46fafca34f http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 18248 7a86d451f0cc722f66ca51f9894c81e2 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 300214 88f4442427f4ad5b1e507f24a872d7d5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 3173686 65714f22fc4908727cd58fa917cff249 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 1050748 c55a36fa65b311364ddfc5f9bcacc3e9 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 253226 0b49775e55163a5c6fa22fba288eded7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 18220 8fd881d7744299014a919437d9edaf87 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 296154 fce2927b08d43ba6d2188bf927dfb4d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 3284430 e411ebc5e3848a9a28fdb7bcf55af833 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 1165792 f6a9ba644f3fb0cd888bf4b425522633 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 256434 19a95ab61e462058ecaf05cbebd11c8a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 20666 abe014ba1940180af1051006e4d293fd http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 320710 0f3c730279a7e731e72986d15fa2fcc2 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 2942578 3d396922de5283db749fd41036403ead http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 1038356 9d291947a8ef7d02c8c1a9746c1309d4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 251226 c09de8036a434e93488b5c1b77108246 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 18380 0d18623f50973af22fd4e44e0d042bf4 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 301438 430f4a9aef7a540fac80629656572ea9 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz Size/MD5: 35980 b64ec10add3d7fbbc7335b0f85b9fb00 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc Size/MD5: 2012 a889688996d5530e8bf1eb181683137e http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3309788 d48afcfa4139fe94b4c0af67c8d9c850 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1196740 7ace44202680241529edaeb226d0dec1 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 258240 54d581c61ba7608526790263545e1b1c http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17404 bfbb39c275bb15dcef644991c6af7e7b http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 317668 9d55ed9607359667cf963e04ccb834d5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 3137602 af5d5d420c440bf53de79f8952ee17d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 1078336 706162a5436e733e4ce57d51baf163fb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 255338 140b54235689f93baa3971add5401a42 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 17412 fb6ca266988f45378c41455fa5207a85 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 300808 7b06b74c327641634d4f8f1f61b7d432 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3171676 ad44dc80ef0066d3da2edede234b0210 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1052136 727ab68dd03bec2ae01b4611c5f98309 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 253840 15198ca066b229b42ced8cb5f4307a53 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17408 fdf85ab9c62a3d3999d4f49bf0172243 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 296796 ecc392b5e6b2b2b5b5ef6d9f93f3ad30 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3282216 5399927c4f40c9369fcb58d3038cc3ec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1167866 477cd3a3cb2ec7c5cf791208e096de93 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 257080 85844f856588609fba74ec37044f9c35 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17410 98059af1adbd24026a4dab4faa27ddd1 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 321372 b7afef4b3c7dc27dceb12668458629d8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2942004 2e8c7c62ef1119b9326564fe50389b8d http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1039416 ad6d7c7f3a2301c7e46a1102098fdbaf http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 251874 4a70da68d8ae2e444b7aaf6836d50eba http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17410 9921067423eeb95bea428bf9f471559c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 301814 302527f9bbcb164d12b13d25719a9ab9
Attachment:
signature.asc
Description: Digital signature