==========================================================
Ubuntu Security Notice USN-810-2            August 04, 2009
nspr update
https://launchpad.net/bugs/387745
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnspr4-0d                     4.7.5-0ubuntu0.8.04.1

Ubuntu 8.10:
  libnspr4-0d                     4.7.5-0ubuntu0.8.10.1

Ubuntu 9.04:
  libnspr4-0d                     4.7.5-0ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that
use NSPR, such as Firefox, to effect the necessary changes.
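
The following check is an added example, not part of the original advisory: it compares the installed libnspr4-0d against the fixed versions listed above and lists processes that still map the replaced library and therefore need the restart. It assumes the mapped library path contains "libnspr4"; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): confirm the USN-810-2 fix is
# installed and find programs that still need the restart it asks for.

# Fixed libnspr4-0d version for each release, copied from the advisory.
fixed_version_for() {
    case "$1" in
        8.04) echo "4.7.5-0ubuntu0.8.04.1" ;;
        8.10) echo "4.7.5-0ubuntu0.8.10.1" ;;
        9.04) echo "4.7.5-0ubuntu0.9.04.1" ;;
        *)    return 1 ;;   # release not covered by this advisory
    esac
}

# Print the PIDs whose memory map still references a deleted (replaced)
# copy of the NSPR library. $1 is the proc root, /proc by default, so the
# function can also be run against a constructed directory tree.
# Assumption: the mapped library path contains the string "libnspr4".
stale_nspr_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libnspr4.*(deleted)' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
}

# Report package state and processes still running the old library.
nspr_report() {
    release=$(lsb_release -rs 2>/dev/null) || release=unknown
    installed=$(dpkg-query -W -f='${Version}' libnspr4-0d 2>/dev/null) || installed=
    if ! fixed=$(fixed_version_for "$release"); then
        echo "release $release is not listed in USN-810-2"
    elif [ -z "$installed" ]; then
        echo "libnspr4-0d is not installed"
    elif dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "libnspr4-0d $installed is at or above $fixed"
    else
        echo "libnspr4-0d $installed is older than $fixed: upgrade"
    fi
    for pid in $(stale_nspr_pids /proc); do
        echo "PID $pid still maps the old NSPR library: restart it"
    done
    return 0
}

# Run the report only where the Debian/Ubuntu tools are present.
if command -v dpkg-query >/dev/null 2>&1; then nspr_report; fi
```

Run it as root to see the memory maps of processes owned by other users.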

Details follow:

USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS.

Original advisory details:

 Moxie Marlinspike discovered that NSS did not properly handle regular
 expressions in certificate names. A remote attacker could create a
 specially crafted certificate to cause a denial of service (via application
 crash) or execute arbitrary code as the user invoking the program.
 (CVE-2009-2404)
 
 Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
 not properly handle certificates with NULL characters in the certificate
 name. An attacker could exploit this to perform a man in the middle attack
 to view sensitive information or alter encrypted communications.
 (CVE-2009-2408)
 
 Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
 signatures. As a result, an attacker could potentially create a malicious
 trusted certificate to impersonate another site. (CVE-2009-2409)


Updated packages for Ubuntu 8.04 LTS:


Updated packages for Ubuntu 8.10:


Updated packages for Ubuntu 9.04:


