[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[USN-810-2] NSS regression

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-810-2] NSS regression
From: Kees Cook <kees@xxxxxxxxxx>
Date: Tue, 1 Sep 2009 18:16:13 -0700
===========================================================
Ubuntu Security Notice USN-810-2         September 02, 2009
nss regression
https://launchpad.net/bugs/409864
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnss3-1d                      3.12.3.1-0ubuntu0.8.04.2

Ubuntu 8.10:
  libnss3-1d                      3.12.3.1-0ubuntu0.8.10.2

Ubuntu 9.04:
  libnss3-1d                      3.12.3.1-0ubuntu0.9.04.2

After a standard system upgrade you need to restart any applications that
use NSS, such as Firefox, to effect the necessary changes.

Details follow:

USN-810-1 fixed vulnerabilities in NSS.  Jozsef Kadlecsik noticed that
the new libraries on amd64 did not correctly set stack memory flags,
and caused applications using NSS (e.g. Firefox) to have an executable
stack. This reduced the effectiveness of some defensive security
protections.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Moxie Marlinspike discovered that NSS did not properly handle regular
 expressions in certificate names. A remote attacker could create a
 specially crafted certificate to cause a denial of service (via application
 crash) or execute arbitrary code as the user invoking the program.
 (CVE-2009-2404)

 Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
 not properly handle certificates with NULL characters in the certificate
 name. An attacker could exploit this to perform a man in the middle attack
 to view sensitive information or alter encrypted communications.
 (CVE-2009-2408)

 Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
 signatures. As a result, an attacker could potentially create a malicious
 trusted certificate to impersonate another site. (CVE-2009-2409)


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.2.diff.gz
      Size/MD5:    37655 e64b043a01d0e7daf6bb65204f26d8b0
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.2.dsc
      Size/MD5:     1008 8a24bd65b71653c370ee2465fb0e5a72
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
      Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:    18338 5120cc7f89e608b0b6ff8555cbe30053
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:  3166314 23ff5a3e893029f31a09f4ab76eb4859
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:  1147172 bc387e5fb7f699ba9b5d60f1fde92264
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:   257894 dc77d3e6ab408d4637387e4bea4af785
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_amd64.deb
      Size/MD5:   312636 e888713d46b0c771ab736b28c77dc131

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:    18306 9d586744b66ee55defa95ffa440768ce
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:  3012638 2461ab65482203195c2dcfc66af2f4ee
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:  1040140 47882c0d3d2f5b21c9fe82babb8f440e
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:   254986 203a63ee2717335eceb721facaf1508d
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_i386.deb
      Size/MD5:   295214 66e9264a666a83fca9847414d48ac760

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:    18298 feef4b1491cd185b5f3288294823f5f3
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:  3042042 377b3815135cfd7282063efb9e51230e
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:  1016320 44680d617fd1ab1cb2da49f6d9e97aa1
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:   253690 aabbf2d4e97c7b2484bd204d164e24d0
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_lpia.deb
      Size/MD5:   292588 4c967b30f7a3fb57d8854df8a79bd379

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:    20786 9ce81e2cea44fef0f6faf2fdd5171623
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:  3125854 697fffc58a744fe15f7fd9f168ca9733
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:  1143970 8f92496cb9f162cc157ebe989e2b3fb0
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:   256716 08d9924b808f9ceb5054fa96b83ed1ab
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_powerpc.deb
      Size/MD5:   325026 7c4cee2fb1e099aa8b04b20fbad7566a

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:    18408 8db62c70395cff75f2bb89de95e73881
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:  2834732 1f0c58ae1fae93bff8544a174ff536bb
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:  1020050 d162fccf68e82cf9ebced93bb46f2809
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:   251696 9cc85bbdf62ea769b2cd60e1052aabd4
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.2_sparc.deb
      Size/MD5:   299608 557d429224fdcc935e71fc64b3ac47ff

Updated packages for Ubuntu 8.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.2.diff.gz
      Size/MD5:    33119 fe83a32ef210370566ccb411aa48fe54
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.2.dsc
      Size/MD5:     1412 451fa76bfb507e1269fee26218141551
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
      Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:  3310704 efec40c9fdc2b0ce66fda361c1aba543
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:  1195180 63cee7f4eda8ffb4c0c3523ac9c6ad91
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:   257682 05088498123a0736834f5c3c22c5cf46
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:    18406 ba1d9dae921d0b52ce87adf573eded44
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_amd64.deb
      Size/MD5:   317148 db5eeeea33c98f32dd12b5e76b745355

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:  3137376 b6f8c176fb6d3805f329550e939a7c58
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:  1077028 6ce44322395faa4a3fcbdde41ee5e68e
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:   254812 771285009e0fdbb6ad1272d631906204
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:    18370 37815dfc4cfe17039df586a98428c93d
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_i386.deb
      Size/MD5:   300312 898cf2f8d5eefe3b3beca32df52b94bf

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:  3173916 13a0a5a89a4bf8299357ebd828112ddf
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:  1050862 a5ed8d7e53cc98fe1ebe24e33994cd53
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:   253322 db070f03d5f4e0fa7ca62b4076feb1a5
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:    18346 f3cb5c7f8c0cccaeced8d8bbc63ac9b3
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_lpia.deb
      Size/MD5:   296258 ee56f8195c14ebe9a3b30e26c9a31dd8

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:  3284490 3e9567373c1d8a407184c3454cdbdee2
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:  1165908 aea197dd9fbb3c5cd9e76bd8a7411214
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:   256530 7a3e87d818c828f4d4b98aff841f77cf
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:    20780 32b3073b20ab252ccf7892d92b2dd76f
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_powerpc.deb
      Size/MD5:   320830 cd055119a68308f42a29fe551217819b

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:  2942786 dc36959a5a02fdc2068e10bbf811a2b3
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:  1038452 147a34131c51deb6bb74264eadb1c3ba
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:   251344 ff7eff0cd42a95f044ed3cc539d61532
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:    18506 5fc6b96c8d8555457e39b6b0cdd52713
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.2_sparc.deb
      Size/MD5:   301552 95ef3e3b2679ceea72e97cfe0ea12762

Updated packages for Ubuntu 9.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.2.diff.gz
      Size/MD5:    36540 f42b1d62ed98ee110c10954b55902c63
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.2.dsc
      Size/MD5:     1412 b85ff4f8dbe0432df858f415bf48bff0
    http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
      Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:  3309826 9dcbef4357653044d8b25731a1d130b9
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:  1196818 929ca127030a1c1d42f662f5692da089
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:   258356 4fadbc6290fc184158a9a724cf82940f
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:    17536 4369982ce7f6ce3e9e899d6506114911
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_amd64.deb
      Size/MD5:   317782 661b518dd87a1b7057c3b36a6a0cb746

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:  3137640 bed2f6981fa4c243873b999fc5c7502c
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:  1078426 512252fb2ac440c37aa899392776d581
    
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:   255444 2cd57c0a08300355ee3e1afd8e161923
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:    17534 4dd67a9b274b61230afbfe5b40437184
    
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_i386.deb
      Size/MD5:   300900 c20821c5fa989f906188e73e557876b3

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:  3171624 9698ffc8645b5ecdb03746d567bf575f
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:  1052256 7c3f11b222fc420ea53b02ce30aa13e0
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:   253972 c734ddc4fa68d6bdbae8bfab4a0b44af
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:    17530 78eb3d97799199999c96f44c33a91487
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_lpia.deb
      Size/MD5:   296900 483e370ded82ed6a038fb719726d5524

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:  3282350 7c9b8a3b8754b3ced78e56e4561e0ef5
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:  1167974 0d5b73714c4bc7803889a383d2979fdb
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:   257192 8369a4b0fa1846dea82673ad50ff77a6
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:    17544 ea286e5376301bb7d6066153b23834fa
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_powerpc.deb
      Size/MD5:   321510 4af0bf6942079e5d3fa4119f43a85ab7

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:  2942220 4d7c1d6e6b96d5b40f974a635c6a7f2d
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:  1039542 5cb75a79da1dd8fbebecd78534ed3736
    
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:   251998 00b0e28d20dd45068e1403d7e3191fab
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:    17532 402a209aaebb2ab84200d5bcf1145c0d
    
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.2_sparc.deb
      Size/MD5:   301942 f5655e1c3da7303bde30982520882422
Attachment: signature.asc
Description: Digital signature
Prev by Date: Re[2]: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Next by Date: Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Previous by thread: [USN-827-1] Dnsmasq vulnerabilities
Next by thread: Re: [Full-disclosure] Microsoft Internet Information Server ftpd zeroday
Index(es):
- Date
- Thread