Debian: DSA-1874-1: New nss packages fix several vulnerabilities

    Date: 26 Aug 2009
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-1874-1
    http://www.debian.org/security/                       Moritz Muehlenhoff
    August 26, 2009                       http://www.debian.org/security/faq
    ------------------------------------------------------------------------
    
    Package        : nss
    Vulnerability  : several
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409
    
    Several vulnerabilities have been discovered in the Network Security
    Service libraries. The Common Vulnerabilities and Exposures project
    identifies the following problems:
    
    CVE-2009-2404
    
       Moxie Marlinspike discovered that a buffer overflow in the regular
       expression parser could lead to the execution of arbitrary code.
    
    CVE-2009-2408
    
       Dan Kaminsky discovered that NULL characters in certificate
       names could lead to man-in-the-middle attacks by tricking the user
       into accepting a rogue certificate.
    
    CVE-2009-2409
    
       Certificates with MD2 hash signatures are no longer accepted
       since they're no longer considered cryptographically secure.
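
The NULL-character problem described under CVE-2009-2408 above comes from treating a length-prefixed certificate name as a C string. The following is an added example, not code from NSS or from this advisory; the type `cert_name`, the function names and the sample names are hypothetical, and it covers exact-match comparison only (no wildcards).

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as decoded from ASN.1: bytes plus an explicit length.
 * The bytes may contain 0x00, so only len says where the name ends. */
typedef struct {
    const unsigned char *data;
    size_t len;
} cert_name;

/* Constructed sample values (not taken from any real certificate). */
static const unsigned char NUL_NAME[] = "www.example.com\0.other.example";
static const unsigned char CLEAN_NAME[] = "www.example.com";

cert_name sample_with_nul(void) {
    cert_name n = { NUL_NAME, sizeof NUL_NAME - 1 };     /* 30 bytes */
    return n;
}

cert_name sample_clean(void) {
    cert_name n = { CLEAN_NAME, sizeof CLEAN_NAME - 1 }; /* 15 bytes */
    return n;
}

/* Unsafe pattern: the bytes go to a C string routine, which stops at the
 * first NUL and never sees the rest of the name. */
int match_naive(cert_name n, const char *host) {
    return strcasecmp((const char *)n.data, host) == 0;
}

/* Hardened pattern: refuse names with an embedded NUL, require equal
 * lengths, then compare exactly n.len bytes. */
int match_strict(cert_name n, const char *host) {
    size_t hlen = strlen(host);
    if (memchr(n.data, 0, n.len) != NULL)
        return 0;
    if (n.len != hlen)
        return 0;
    return strncasecmp((const char *)n.data, host, hlen) == 0;
}

int main(void) {
    const char *host = "www.example.com";
    printf("name with NUL: naive=%d strict=%d\n",
           match_naive(sample_with_nul(), host), match_strict(sample_with_nul(), host));
    printf("clean name:    naive=%d strict=%d\n",
           match_naive(sample_clean(), host), match_strict(sample_clean(), host));
    return 0;
}
```

The naive check accepts the 30-byte name because it only ever reads the first 15 bytes; the strict check rejects it and still accepts the clean name.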
    
    
    The old stable distribution (etch) doesn't contain nss.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 3.12.3.1-0lenny1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 3.12.3.1-1.
    
    We recommend that you upgrade your nss packages.
    
    Upgrade instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    --------------------------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    