Linux Security

    Debian: DSA-1874-1: New nss packages fix several vulnerabilities

    Date 26 Aug 2009
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1874-1                                         Moritz Muehlenhoff
    August 26, 2009             
    - ------------------------------------------------------------------------
    Package        : nss
    Vulnerability  : several
    Problem type   : local(remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409
    Several vulnerabilities have been discovered in the Network Security
    Service libraries. The Common Vulnerabilities and Exposures project
    identifies the following problems:
       Moxie Marlinspike discovered that a buffer overflow in the regular
       expression parser could lead to the execution of arbitrary code.
       Dan Kaminsky discovered that NULL characters in certificate
       names could lead to man-in-the-middle attacks by tricking the user
       into accepting a rogue certificate.
       Certificates with MD2 hash signatures are no longer accepted
       since they're no longer considered cryptographically secure.
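The certificate-name problem above comes from treating a length-prefixed name as a C string. The following is an added example, not NSS code and not part of the advisory: `struct cert_name` and both function names are hypothetical, the sample names are constructed, and names are assumed to be lowercased already.

```c
#include <stdio.h>
#include <string.h>

/* Certificate names are length-prefixed ASN.1 strings, so they can
 * carry bytes a C string cannot, including 0x00. (Hypothetical type.) */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Weak form: treats the name as a C string, so the comparison stops at
 * the first NUL byte and ignores everything after it. The samples below
 * are NUL-terminated, which keeps this call memory-safe here. */
static int name_matches_cstring(const struct cert_name *n, const char *host)
{
    return strcmp((const char *)n->data, host) == 0;
}

/* Hardened form: reject any name with an embedded NUL, then compare
 * using the encoded length rather than a terminator. */
static int name_matches_checked(const struct cert_name *n, const char *host)
{
    size_t hlen = strlen(host);

    if (memchr(n->data, 0, n->len) != NULL)
        return 0;                   /* malformed name: never a match */
    if (n->len != hlen)
        return 0;
    return memcmp(n->data, host, hlen) == 0;
}

/* Constructed sample names (not taken from any real certificate). */
static const unsigned char NAME_CLEAN[] = "www.example.test";
static const unsigned char NAME_NUL[]   = "www.example.test\0.other.example";

int main(void)
{
    struct cert_name clean = { NAME_CLEAN, sizeof NAME_CLEAN - 1 };
    struct cert_name nul   = { NAME_NUL,   sizeof NAME_NUL - 1 };
    const char *host = "www.example.test";

    printf("clean name:   cstring=%d checked=%d\n",
           name_matches_cstring(&clean, host), name_matches_checked(&clean, host));
    printf("embedded NUL: cstring=%d checked=%d\n",
           name_matches_cstring(&nul, host), name_matches_checked(&nul, host));
    return 0;
}
```

The weak comparison accepts both names for the same host; the checked one accepts only the name whose full encoded length matches.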
    The old stable distribution (etch) doesn't contain nss.
    For the stable distribution (lenny), these problems have been fixed in
    For the unstable distribution (sid), these problems have been fixed in
    We recommend that you upgrade your nss packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and

