[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] [ MDVSA-2010:032 ] rootcerts
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2010:032 ] rootcerts
- From: security@xxxxxxxxxxxx
- Date: Thu, 04 Feb 2010 17:01:00 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:032
http://www.mandriva.com/security/
_______________________________________________________________________
Package : rootcerts
Date : February 4, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
It was brought to our attention by Ludwig Nussel at SUSE the md5
collision certificate should not be included. This update removes
the offending certificate.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The mozilla nss library has consequently been rebuilt to pickup these
changes and are also being provided.
_______________________________________________________________________
References:
http://www.phreedom.org/research/rogue-ca/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
c0be9cd2cbe32ecf0cbe9efcc6b48bcf
2008.0/i586/libnss3-3.12.3.1-0.3mdv2008.0.i586.rpm
4c85c05a4963b29efbe93324a73c0119
2008.0/i586/libnss-devel-3.12.3.1-0.3mdv2008.0.i586.rpm
78ea532897f095f3f0d022fb5196b310
2008.0/i586/libnss-static-devel-3.12.3.1-0.3mdv2008.0.i586.rpm
faa1a9f6d4ea0779c50d89b0995eb878
2008.0/i586/nss-3.12.3.1-0.3mdv2008.0.i586.rpm
b97cacbe47f6f4621bdf001c1a52279f
2008.0/i586/rootcerts-20091203.04-1mdv2008.0.i586.rpm
b77f8a14ff4d042fb56df39fcdc8c6b4
2008.0/SRPMS/nss-3.12.3.1-0.3mdv2008.0.src.rpm
fc9bc5da8d92ed59ca9e1116fc1e1066
2008.0/SRPMS/rootcerts-20091203.04-1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
ac8d7f4bcc518b7b114708e04ef2a81c
2008.0/x86_64/lib64nss3-3.12.3.1-0.3mdv2008.0.x86_64.rpm
7fd80d8e75bc863e8cc156f8eda34c99
2008.0/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2008.0.x86_64.rpm
7e257ca13d9b4e5671e12014f8454fcd
2008.0/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2008.0.x86_64.rpm
2890ad45cde084278e6c1aa41518616f
2008.0/x86_64/nss-3.12.3.1-0.3mdv2008.0.x86_64.rpm
1f4c8926245d72f28ee8f558367cb310
2008.0/x86_64/rootcerts-20091203.04-1mdv2008.0.x86_64.rpm
b77f8a14ff4d042fb56df39fcdc8c6b4
2008.0/SRPMS/nss-3.12.3.1-0.3mdv2008.0.src.rpm
fc9bc5da8d92ed59ca9e1116fc1e1066
2008.0/SRPMS/rootcerts-20091203.04-1mdv2008.0.src.rpm
Mandriva Linux 2009.0:
1e7275412d2d4b737a3aa661bb5b0c50
2009.0/i586/libnss3-3.12.3.1-0.3mdv2009.0.i586.rpm
2f253257d1140719dbccf85637373c2b
2009.0/i586/libnss-devel-3.12.3.1-0.3mdv2009.0.i586.rpm
65eca7cfcce65b60e69e95e8ba751621
2009.0/i586/libnss-static-devel-3.12.3.1-0.3mdv2009.0.i586.rpm
fa8c65e3c9907d1a7724b749acd2b665
2009.0/i586/nss-3.12.3.1-0.3mdv2009.0.i586.rpm
67dc4b43b2c5b258673fcd164a9b9c4d
2009.0/i586/rootcerts-20091203.04-1mdv2009.0.i586.rpm
4186a8c454fae03ce21ef73a73e27a4d
2009.0/i586/rootcerts-java-20091203.04-1mdv2009.0.i586.rpm
5b7822e13fb0b95668be13e39158e069
2009.0/SRPMS/nss-3.12.3.1-0.3mdv2009.0.src.rpm
8ba6271c1c615620593cd84e1d173d00
2009.0/SRPMS/rootcerts-20091203.04-1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
20c00afa062067ab98741c44f319afb1
2009.0/x86_64/lib64nss3-3.12.3.1-0.3mdv2009.0.x86_64.rpm
a4251bc21bf5af1c08509d2bd9c76212
2009.0/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2009.0.x86_64.rpm
81a3bbe448dc979799f6062b3fe0c2c6
2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2009.0.x86_64.rpm
913011d490c5147d3b1ee34ba8be1ab2
2009.0/x86_64/nss-3.12.3.1-0.3mdv2009.0.x86_64.rpm
10e756644972160ea696dddf9c96803f
2009.0/x86_64/rootcerts-20091203.04-1mdv2009.0.x86_64.rpm
d67b2fdc4ed9bfbe87dcd57df0187038
2009.0/x86_64/rootcerts-java-20091203.04-1mdv2009.0.x86_64.rpm
5b7822e13fb0b95668be13e39158e069
2009.0/SRPMS/nss-3.12.3.1-0.3mdv2009.0.src.rpm
8ba6271c1c615620593cd84e1d173d00
2009.0/SRPMS/rootcerts-20091203.04-1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
df7500efc910c929ff5ba7746c6dabeb
2009.1/i586/libnss3-3.12.3.1-0.3mdv2009.1.i586.rpm
d3b0b27b327cb504cd4b05777ed55fa8
2009.1/i586/libnss-devel-3.12.3.1-0.3mdv2009.1.i586.rpm
4323ce43b907753870dc288d7f2e640e
2009.1/i586/libnss-static-devel-3.12.3.1-0.3mdv2009.1.i586.rpm
cd365d77dd94c02912d469ce5215beb5
2009.1/i586/nss-3.12.3.1-0.3mdv2009.1.i586.rpm
0570308849f28b09a876d72fc47836e6
2009.1/i586/rootcerts-20091203.04-1mdv2009.1.i586.rpm
2dedbde7d658cf77b302ad9f7b051357
2009.1/i586/rootcerts-java-20091203.04-1mdv2009.1.i586.rpm
1f4f9447cce88026fc67d3dbd2413de3
2009.1/SRPMS/nss-3.12.3.1-0.3mdv2009.1.src.rpm
e6acad2a8a3e795c19a885c9a8e77e30
2009.1/SRPMS/rootcerts-20091203.04-1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
38948df2bcdfc9b34cadc1b16a0f67a9
2009.1/x86_64/lib64nss3-3.12.3.1-0.3mdv2009.1.x86_64.rpm
e2f6989e17ab71c6d24b29cc543ea7af
2009.1/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2009.1.x86_64.rpm
c7b8d609c5fc1f11bfc5ee743906e288
2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2009.1.x86_64.rpm
c221f46ba77caacd158708e3a913d211
2009.1/x86_64/nss-3.12.3.1-0.3mdv2009.1.x86_64.rpm
29a5204bfa28b1cccbf1c071047d2073
2009.1/x86_64/rootcerts-20091203.04-1mdv2009.1.x86_64.rpm
dc7d3c85103609c70b755d9a21938563
2009.1/x86_64/rootcerts-java-20091203.04-1mdv2009.1.x86_64.rpm
1f4f9447cce88026fc67d3dbd2413de3
2009.1/SRPMS/nss-3.12.3.1-0.3mdv2009.1.src.rpm
e6acad2a8a3e795c19a885c9a8e77e30
2009.1/SRPMS/rootcerts-20091203.04-1mdv2009.1.src.rpm
Mandriva Linux 2010.0:
2be08ef724b95d7a6e704321e07fa10e
2010.0/i586/libnss3-3.12.4-2.2mdv2010.0.i586.rpm
ed12884eced5f6cd0c508c7f99a1da21
2010.0/i586/libnss-devel-3.12.4-2.2mdv2010.0.i586.rpm
632d90069e3f168a56d1154c9614d907
2010.0/i586/libnss-static-devel-3.12.4-2.2mdv2010.0.i586.rpm
a086ad0e94373ba3c41d14e30adbe9d0 2010.0/i586/nss-3.12.4-2.2mdv2010.0.i586.rpm
e984c6277a2652bce16c386291ca9f14
2010.0/i586/rootcerts-20091203.04-1mdv2010.0.i586.rpm
de701ae417835f8d258ba4920af03ce2
2010.0/i586/rootcerts-java-20091203.04-1mdv2010.0.i586.rpm
c90c11d64a63966caff483436d1369a2 2010.0/SRPMS/nss-3.12.4-2.2mdv2010.0.src.rpm
0366a795cffe41abf644a4d251fd5cd1
2010.0/SRPMS/rootcerts-20091203.04-1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
0f7bad4f8db6fbc5b46345b616569f82
2010.0/x86_64/lib64nss3-3.12.4-2.2mdv2010.0.x86_64.rpm
a3780118c20d0968b697768078a91140
2010.0/x86_64/lib64nss-devel-3.12.4-2.2mdv2010.0.x86_64.rpm
bd97fde246cfaa89521d1fe519ac504f
2010.0/x86_64/lib64nss-static-devel-3.12.4-2.2mdv2010.0.x86_64.rpm
555dfd2280715adf5ecf878392f412f7
2010.0/x86_64/nss-3.12.4-2.2mdv2010.0.x86_64.rpm
a85ef46a3f7390e525499da8cb517b28
2010.0/x86_64/rootcerts-20091203.04-1mdv2010.0.x86_64.rpm
f10c590d898002ef12a7836a6c946810
2010.0/x86_64/rootcerts-java-20091203.04-1mdv2010.0.x86_64.rpm
c90c11d64a63966caff483436d1369a2 2010.0/SRPMS/nss-3.12.4-2.2mdv2010.0.src.rpm
0366a795cffe41abf644a4d251fd5cd1
2010.0/SRPMS/rootcerts-20091203.04-1mdv2010.0.src.rpm
Mandriva Enterprise Server 5:
9fa3e7b43ab7dd6b71e93f7d7a530d9b
mes5/i586/libnss3-3.12.3.1-0.3mdvmes5.i586.rpm
17c13b7371d4461e4590f3296b164d01
mes5/i586/libnss-devel-3.12.3.1-0.3mdvmes5.i586.rpm
fa7e5b35446a4b15fee350e4eb6469de
mes5/i586/libnss-static-devel-3.12.3.1-0.3mdvmes5.i586.rpm
5d47263f3e2fe1d6eca529fbc41e1a45 mes5/i586/nss-3.12.3.1-0.3mdvmes5.i586.rpm
be3d17c8e3b70b2eea882d145a15ad3c
mes5/i586/rootcerts-20091203.04-1mdvmes5.i586.rpm
afb96495ab464ee24a66857b3a81d56b
mes5/i586/rootcerts-java-20091203.04-1mdvmes5.i586.rpm
f62814393267a1208020f4d0033dd525 mes5/SRPMS/nss-3.12.3.1-0.3mdvmes5.src.rpm
73ce2343464a93c3bc85b07a8781fd2e
mes5/SRPMS/rootcerts-20091203.04-1mdv2010.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
9d251b020faa05a233856ccae1ca5e4e
mes5/x86_64/lib64nss3-3.12.3.1-0.3mdvmes5.x86_64.rpm
78e80398614e4f7968c9617a3020829a
mes5/x86_64/lib64nss-devel-3.12.3.1-0.3mdvmes5.x86_64.rpm
566d190a3eb0a7aa9465ef58eb228b18
mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdvmes5.x86_64.rpm
9ceff03efa5892bfef7032a2261ee136
mes5/x86_64/nss-3.12.3.1-0.3mdvmes5.x86_64.rpm
5d5e4319fdc03572a356934a61879e86
mes5/x86_64/rootcerts-20091203.04-1mdvmes5.x86_64.rpm
84cd50aafe7321078026fb9a82ee2c33
mes5/x86_64/rootcerts-java-20091203.04-1mdvmes5.x86_64.rpm
f62814393267a1208020f4d0033dd525 mes5/SRPMS/nss-3.12.3.1-0.3mdvmes5.src.rpm
73ce2343464a93c3bc85b07a8781fd2e
mes5/SRPMS/rootcerts-20091203.04-1mdv2010.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLasA8mqjQ0CJFipgRAvWTAJ9q+4DLAscYRneWfm/GEfwYzIWJngCglu3b
6Ze+ZosQNiAPdmdu0mRM2Pk=
=xf3+
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/