[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[USN-810-2] NSPR update

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-810-2] NSPR update
From: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Date: Tue, 4 Aug 2009 17:00:59 -0500
===========================================================
Ubuntu Security Notice USN-810-2            August 04, 2009
nspr update
https://launchpad.net/bugs/387745
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnspr4-0d                     4.7.5-0ubuntu0.8.04.1

Ubuntu 8.10:
  libnspr4-0d                     4.7.5-0ubuntu0.8.10.1

Ubuntu 9.04:
  libnspr4-0d                     4.7.5-0ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that
use NSPR, such as Firefox, to effect the necessary changes.

Details follow:

USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS.

Original advisory details:

 Moxie Marlinspike discovered that NSS did not properly handle regular
 expressions in certificate names. A remote attacker could create a
 specially crafted certificate to cause a denial of service (via application
 crash) or execute arbitrary code as the user invoking the program.
 (CVE-2009-2404)
 
 Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
 not properly handle certificates with NULL characters in the certificate
 name. An attacker could exploit this to perform a man in the middle attack
 to view sensitive information or alter encrypted communications.
 (CVE-2009-2408)
 
 Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
 signatures. As a result, an attacker could potentially create a malicious
 trusted certificate to impersonate another site. (CVE-2009-2409)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.04.1.diff.gz
      Size/MD5:    28600 f5f43fa3b9d3a04dbffb0ef9709ab280
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.04.1.dsc
      Size/MD5:     1897 cf92002fb8cbfb273386db008bc89211
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz
      Size/MD5:  1292677 f76d459a9e589d41d65314357a853783

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:   287340 52cd782233986f6e9581c0796ce7910b
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:   133030 19179d5f57e329a94da0a05f4fd7573c
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_amd64.deb
      Size/MD5:   272838 bc0196007756817734ebe7d2b87a8174

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_i386.deb
      Size/MD5:   279148 1a63f70ffc48b505bb0eeeebbd02b057
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_i386.deb
      Size/MD5:   121924 8a034208fd5fceccae0dc656cd34c068
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_i386.deb
      Size/MD5:   259376 961e2309b182b0a7bcd590e594fa1739

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:   282284 4c60ef9d0a36c4ae3919f21ff2fb44fc
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:   120356 d9e14f3ca957970653dea7c689978727
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_lpia.deb
      Size/MD5:   255030 95130f3868815b4900af62bb553d251f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   288864 b51b9a1c6249691cd645304ea4fb9621
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   137250 9a239dbea8743626ae8642a4fdcebf52
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_powerpc.deb
      Size/MD5:   266696 18bf93095bd95a1e0620b0493de4ad97

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:   264952 b1028f1db41955f44c0d6f0e07187ee5
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:   119080 1b2a624c52570dbe01d9e294346e90d5
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_sparc.deb
      Size/MD5:   254952 bd0583da8f3dca1041f69c3f549d80b5

Updated packages for Ubuntu 8.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.10.1.diff.gz
      Size/MD5:    28491 8834f389b484628a18e102188d5c7665
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.10.1.dsc
      Size/MD5:     1897 97dfedceda1419df2257fc774c47a984
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz
      Size/MD5:  1292677 f76d459a9e589d41d65314357a853783

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:   299002 4e9566ba8e6ef664a7d2615ab167feb0
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:   135022 7c75ef02983986004da0b9e7dade98c5
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_amd64.deb
      Size/MD5:   274444 927baa6dfd7ae6075589b04442f5d6a6

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_i386.deb
      Size/MD5:   289110 a0e25f90449244c1446eb827a9c4cb39
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_i386.deb
      Size/MD5:   124698 c72513189f3683dc1ed08e75dd89e20e
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_i386.deb
      Size/MD5:   262034 8162a01064d4b65e5019596fcda7fc7a

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:   293690 fcfe73ee99110af5f749cf8ae92b4d8d
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:   122610 e28d9da522294e3d7d459a7d86528cfd
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_lpia.deb
      Size/MD5:   257476 fde686b087143379964a1c35e787fc57

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:   300892 aad5920f4959ef255f48089bc93a3fbe
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:   139818 64554ad09b1c86ccc1de1ba320f3762a
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_powerpc.deb
      Size/MD5:   270372 c729bf5eea000659f680845ae6422f0f

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:   274950 976e753f8780d59615f6f6f62f59574f
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:   119878 707cae52c164a76b44cd92a955a50841
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_sparc.deb
      Size/MD5:   255590 23cd93eb4d321ad7aeb7bbd5d275d5e4

Updated packages for Ubuntu 9.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.9.04.1.diff.gz
      Size/MD5:    26576 f80bef0c81223bca073c69a2161e01c6
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.9.04.1.dsc
      Size/MD5:     1897 7aeb5dc43aad09eec88e30b19956200a
    http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz
      Size/MD5:  1292677 f76d459a9e589d41d65314357a853783

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   299640 4231966ae422ae9034f53fe9a87ca374
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   136538 86d92ee8b171759788a9677fd7d77ef9
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_amd64.deb
      Size/MD5:   275612 78d4689f573a4a9394456872c4fd928d

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   289990 9888e6ac77563dbd7504557ddd33b4be
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   126268 16a827cca1d160874869b7877dd1d542
    
http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_i386.deb
      Size/MD5:   263208 181b6a6adc98e8dca59890ee4ee83de1

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   294318 f46216ed1d3803d7e35716fd279b92ae
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   124262 8a4732b18edf81700441511ac4274998
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_lpia.deb
      Size/MD5:   258582 b470aee3e87e3b673dde8380f064d9fb

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   301800 19cfebb4f279d80f81fc59d0ff6ef665
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   141394 afcd40f1c528c01735be1f0b6c059e58
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_powerpc.deb
      Size/MD5:   271416 8263b766f3794c583d49c4fe873e3b5a

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   275842 f09fa3c70ef849f11acbe05e52f56473
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   121354 f5d3853a01640fffbcd28610fa609c8e
    
http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_sparc.deb
      Size/MD5:   256652 fa320131d8e8c22571cff5974a1e63eb
Attachment: signature.asc
Description: Digital signature
Prev by Date: [USN-810-1] NSS vulnerabilities
Next by Date: [USN-811-1] Firefox and Xulrunner vulnerability
Previous by thread: [USN-810-1] NSS vulnerabilities
Next by thread: [USN-811-1] Firefox and Xulrunner vulnerability
Index(es):
- Date
- Thread