Ubuntu 810-1: NSS vulnerabilities

    Date04 Aug 2009
    CategoryUbuntu
    101
    Posted ByLinuxSecurity Advisories
    Moxie Marlinspike discovered that NSS did not properly handle regularexpressions in certificate names. A remote attacker could create aspecially crafted certificate to cause a denial of service (via applicationcrash) or execute arbitrary code as the user invoking the program.(CVE-2009-2404) [More...]
    ===========================================================
    Ubuntu Security Notice USN-810-1            August 04, 2009
    nss vulnerabilities
    CVE-2009-2404, CVE-2009-2408, CVE-2009-2409
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      libnss3-1d                      3.12.3.1-0ubuntu0.8.04.1
    
    Ubuntu 8.10:
      libnss3-1d                      3.12.3.1-0ubuntu0.8.10.1
    
    Ubuntu 9.04:
      libnss3-1d                      3.12.3.1-0ubuntu0.9.04.1
    
    After a standard system upgrade you need to restart an applications that
    use NSS, such as Firefox, to effect the necessary changes.
    
    Details follow:
    
    Moxie Marlinspike discovered that NSS did not properly handle regular
    expressions in certificate names. A remote attacker could create a
    specially crafted certificate to cause a denial of service (via application
    crash) or execute arbitrary code as the user invoking the program.
    (CVE-2009-2404)
    
    Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
    not properly handle certificates with NULL characters in the certificate
    name. An attacker could exploit this to perform a man in the middle attack
    to view sensitive information or alter encrypted communications.
    (CVE-2009-2408)
    
    Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
    signatures. As a result, an attacker could potentially create a malicious
    trusted certificate to impersonate another site. (CVE-2009-2409)
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz
          Size/MD5:    37286 f4041d128d758f5506197b1cf0f1214f
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc
          Size/MD5:     2012 401475ce9f7efa228d7b61671aa69c11
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
          Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
          Size/MD5:    18232 49a5581a19be7771ecdc65fb943e86d7
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
          Size/MD5:  3166090 074734f6e0fd51257999bdc0e38010f3
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
          Size/MD5:  1147016 ddc8dfd4f0cc77c129c5bb4b18b6612c
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
          Size/MD5:   257780 f6d735c7c95478fe2992178e0d7781d4
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb
          Size/MD5:   312528 05d78cad52b8c5464350c9b191528e0e
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb
          Size/MD5:    18200 2c088a165372b431416a5b6d9f54b80b
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb
          Size/MD5:  3012554 50978f6f10b9f4c3918822d864d41aed
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb
          Size/MD5:  1040016 f0a52f96bd4f7bb7d8001b7ca5ace8d0
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb
          Size/MD5:   254880 c2151ff8a86f4119fcefa1f6c9ee7add
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb
          Size/MD5:   295096 f6fde2292ca35df9e6cac822d158e512
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
          Size/MD5:    18190 cbc624cedbae82a39d3c47aaa8ffee38
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
          Size/MD5:  3041822 533fda14ea785417cababc58419a8fec
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
          Size/MD5:  1016224 1ed477ec2ffe3ac642cb7c29413842ab
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
          Size/MD5:   253574 b9756509dcdeea8433a0f6bbe2dc27b7
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb
          Size/MD5:   292466 55f2cf8c33f19f17cae613aca3ce71c1
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
          Size/MD5:    20678 a26907dda711e1d13e8d597bee4689e0
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
          Size/MD5:  3125800 102117180150342cecff38e653963f66
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
          Size/MD5:  1143852 f96cab41f4bf24cf4fa4686b3a963464
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
          Size/MD5:   256600 e19a891112bea8df4f27fe569da9c951
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb
          Size/MD5:   324934 9aaac74bc3f6ec7f990f78d556c5ec09
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
          Size/MD5:    18292 7e17d87ea08f93759ed7784705d82453
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
          Size/MD5:  2834720 02b6284e651dcf2e6556378dcb730689
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
          Size/MD5:  1019944 ee1829f9195609b3912994fc76788243
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
          Size/MD5:   251578 09583a51b0814b53959af6d79a1b4f8c
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb
          Size/MD5:   299484 0d12ed86aae10c56300bd7cefb2884ef
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz
          Size/MD5:    32769 d4e1fb5ca38687ad1e7532c457febc11
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc
          Size/MD5:     2012 f98ccd513ae480ac7b56d7a4793758d3
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
          Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
          Size/MD5:  3310610 9f8e4b95d1019e3956a88745ce3888c4
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
          Size/MD5:  1195070 21daa67a1f51cc4a942e41beb2da001f
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
          Size/MD5:   257586 89d972c2b67679eca265abac76d0687d
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
          Size/MD5:    18296 8c1d95902c4f0e85c47a3ca941f0b48a
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb
          Size/MD5:   317026 11f10cc940951638cf5cac0e6e2f7ded
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb
          Size/MD5:  3137262 2ae6e2fa5e934a5fa27e14cedcdc74b6
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb
          Size/MD5:  1076898 59318f3e92b12686695704ef33074dc0
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb
          Size/MD5:   254686 b0dc3ec378ea87afff4a6d46fafca34f
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb
          Size/MD5:    18248 7a86d451f0cc722f66ca51f9894c81e2
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb
          Size/MD5:   300214 88f4442427f4ad5b1e507f24a872d7d5
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
          Size/MD5:  3173686 65714f22fc4908727cd58fa917cff249
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
          Size/MD5:  1050748 c55a36fa65b311364ddfc5f9bcacc3e9
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
          Size/MD5:   253226 0b49775e55163a5c6fa22fba288eded7
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
          Size/MD5:    18220 8fd881d7744299014a919437d9edaf87
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb
          Size/MD5:   296154 fce2927b08d43ba6d2188bf927dfb4d6
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
          Size/MD5:  3284430 e411ebc5e3848a9a28fdb7bcf55af833
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
          Size/MD5:  1165792 f6a9ba644f3fb0cd888bf4b425522633
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
          Size/MD5:   256434 19a95ab61e462058ecaf05cbebd11c8a
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
          Size/MD5:    20666 abe014ba1940180af1051006e4d293fd
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb
          Size/MD5:   320710 0f3c730279a7e731e72986d15fa2fcc2
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
          Size/MD5:  2942578 3d396922de5283db749fd41036403ead
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
          Size/MD5:  1038356 9d291947a8ef7d02c8c1a9746c1309d4
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
          Size/MD5:   251226 c09de8036a434e93488b5c1b77108246
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
          Size/MD5:    18380 0d18623f50973af22fd4e44e0d042bf4
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb
          Size/MD5:   301438 430f4a9aef7a540fac80629656572ea9
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz
          Size/MD5:    35980 b64ec10add3d7fbbc7335b0f85b9fb00
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc
          Size/MD5:     2012 a889688996d5530e8bf1eb181683137e
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz
          Size/MD5:  5316068 cc5607243fdfdbc80ebbbf6dbb33f784
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
          Size/MD5:  3309788 d48afcfa4139fe94b4c0af67c8d9c850
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
          Size/MD5:  1196740 7ace44202680241529edaeb226d0dec1
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
          Size/MD5:   258240 54d581c61ba7608526790263545e1b1c
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
          Size/MD5:    17404 bfbb39c275bb15dcef644991c6af7e7b
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb
          Size/MD5:   317668 9d55ed9607359667cf963e04ccb834d5
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb
          Size/MD5:  3137602 af5d5d420c440bf53de79f8952ee17d0
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb
          Size/MD5:  1078336 706162a5436e733e4ce57d51baf163fb
        http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb
          Size/MD5:   255338 140b54235689f93baa3971add5401a42
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb
          Size/MD5:    17412 fb6ca266988f45378c41455fa5207a85
        http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb
          Size/MD5:   300808 7b06b74c327641634d4f8f1f61b7d432
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
          Size/MD5:  3171676 ad44dc80ef0066d3da2edede234b0210
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
          Size/MD5:  1052136 727ab68dd03bec2ae01b4611c5f98309
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
          Size/MD5:   253840 15198ca066b229b42ced8cb5f4307a53
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
          Size/MD5:    17408 fdf85ab9c62a3d3999d4f49bf0172243
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb
          Size/MD5:   296796 ecc392b5e6b2b2b5b5ef6d9f93f3ad30
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
          Size/MD5:  3282216 5399927c4f40c9369fcb58d3038cc3ec
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
          Size/MD5:  1167866 477cd3a3cb2ec7c5cf791208e096de93
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
          Size/MD5:   257080 85844f856588609fba74ec37044f9c35
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
          Size/MD5:    17410 98059af1adbd24026a4dab4faa27ddd1
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb
          Size/MD5:   321372 b7afef4b3c7dc27dceb12668458629d8
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
          Size/MD5:  2942004 2e8c7c62ef1119b9326564fe50389b8d
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
          Size/MD5:  1039416 ad6d7c7f3a2301c7e46a1102098fdbaf
        http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
          Size/MD5:   251874 4a70da68d8ae2e444b7aaf6836d50eba
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
          Size/MD5:    17410 9921067423eeb95bea428bf9f471559c
        http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb
          Size/MD5:   301814 302527f9bbcb164d12b13d25719a9ab9
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.1,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"28","type":"x","order":"3","pct":35.9,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.