Ubuntu 810-2: NSPR update

    Date04 Aug 2009
    CategoryUbuntu
    91
    Posted ByLinuxSecurity Advisories
    USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS.
    ===========================================================
    Ubuntu Security Notice USN-810-2            August 04, 2009
    nspr update
    https://launchpad.net/bugs/387745
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.04 LTS:
      libnspr4-0d                     4.7.5-0ubuntu0.8.04.1
    
    Ubuntu 8.10:
      libnspr4-0d                     4.7.5-0ubuntu0.8.10.1
    
    Ubuntu 9.04:
      libnspr4-0d                     4.7.5-0ubuntu0.9.04.1
    
    After a standard system upgrade you need to restart any applications that
    use NSPR, such as Firefox, to effect the necessary changes.
    
    Details follow:
    
    USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR
    needed to use the new NSS.
    
    Original advisory details:
    
     Moxie Marlinspike discovered that NSS did not properly handle regular
     expressions in certificate names. A remote attacker could create a
     specially crafted certificate to cause a denial of service (via application
     crash) or execute arbitrary code as the user invoking the program.
     (CVE-2009-2404)
     
     Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
     not properly handle certificates with NULL characters in the certificate
     name. An attacker could exploit this to perform a man in the middle attack
     to view sensitive information or alter encrypted communications.
     (CVE-2009-2408)
     
     Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
     signatures. As a result, an attacker could potentially create a malicious
     trusted certificate to impersonate another site. (CVE-2009-2409)
    
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.04.1.diff.gz
          Size/MD5:    28600 f5f43fa3b9d3a04dbffb0ef9709ab280
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.04.1.dsc
          Size/MD5:     1897 cf92002fb8cbfb273386db008bc89211
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz
          Size/MD5:  1292677 f76d459a9e589d41d65314357a853783
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_amd64.deb
          Size/MD5:   287340 52cd782233986f6e9581c0796ce7910b
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_amd64.deb
          Size/MD5:   133030 19179d5f57e329a94da0a05f4fd7573c
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_amd64.deb
          Size/MD5:   272838 bc0196007756817734ebe7d2b87a8174
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_i386.deb
          Size/MD5:   279148 1a63f70ffc48b505bb0eeeebbd02b057
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_i386.deb
          Size/MD5:   121924 8a034208fd5fceccae0dc656cd34c068
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_i386.deb
          Size/MD5:   259376 961e2309b182b0a7bcd590e594fa1739
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_lpia.deb
          Size/MD5:   282284 4c60ef9d0a36c4ae3919f21ff2fb44fc
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_lpia.deb
          Size/MD5:   120356 d9e14f3ca957970653dea7c689978727
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_lpia.deb
          Size/MD5:   255030 95130f3868815b4900af62bb553d251f
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_powerpc.deb
          Size/MD5:   288864 b51b9a1c6249691cd645304ea4fb9621
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_powerpc.deb
          Size/MD5:   137250 9a239dbea8743626ae8642a4fdcebf52
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_powerpc.deb
          Size/MD5:   266696 18bf93095bd95a1e0620b0493de4ad97
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_sparc.deb
          Size/MD5:   264952 b1028f1db41955f44c0d6f0e07187ee5
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_sparc.deb
          Size/MD5:   119080 1b2a624c52570dbe01d9e294346e90d5
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_sparc.deb
          Size/MD5:   254952 bd0583da8f3dca1041f69c3f549d80b5
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.10.1.diff.gz
          Size/MD5:    28491 8834f389b484628a18e102188d5c7665
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.10.1.dsc
          Size/MD5:     1897 97dfedceda1419df2257fc774c47a984
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz
          Size/MD5:  1292677 f76d459a9e589d41d65314357a853783
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_amd64.deb
          Size/MD5:   299002 4e9566ba8e6ef664a7d2615ab167feb0
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_amd64.deb
          Size/MD5:   135022 7c75ef02983986004da0b9e7dade98c5
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_amd64.deb
          Size/MD5:   274444 927baa6dfd7ae6075589b04442f5d6a6
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_i386.deb
          Size/MD5:   289110 a0e25f90449244c1446eb827a9c4cb39
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_i386.deb
          Size/MD5:   124698 c72513189f3683dc1ed08e75dd89e20e
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_i386.deb
          Size/MD5:   262034 8162a01064d4b65e5019596fcda7fc7a
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_lpia.deb
          Size/MD5:   293690 fcfe73ee99110af5f749cf8ae92b4d8d
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_lpia.deb
          Size/MD5:   122610 e28d9da522294e3d7d459a7d86528cfd
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_lpia.deb
          Size/MD5:   257476 fde686b087143379964a1c35e787fc57
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_powerpc.deb
          Size/MD5:   300892 aad5920f4959ef255f48089bc93a3fbe
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_powerpc.deb
          Size/MD5:   139818 64554ad09b1c86ccc1de1ba320f3762a
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_powerpc.deb
          Size/MD5:   270372 c729bf5eea000659f680845ae6422f0f
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_sparc.deb
          Size/MD5:   274950 976e753f8780d59615f6f6f62f59574f
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_sparc.deb
          Size/MD5:   119878 707cae52c164a76b44cd92a955a50841
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_sparc.deb
          Size/MD5:   255590 23cd93eb4d321ad7aeb7bbd5d275d5e4
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.9.04.1.diff.gz
          Size/MD5:    26576 f80bef0c81223bca073c69a2161e01c6
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.9.04.1.dsc
          Size/MD5:     1897 7aeb5dc43aad09eec88e30b19956200a
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz
          Size/MD5:  1292677 f76d459a9e589d41d65314357a853783
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_amd64.deb
          Size/MD5:   299640 4231966ae422ae9034f53fe9a87ca374
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_amd64.deb
          Size/MD5:   136538 86d92ee8b171759788a9677fd7d77ef9
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_amd64.deb
          Size/MD5:   275612 78d4689f573a4a9394456872c4fd928d
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_i386.deb
          Size/MD5:   289990 9888e6ac77563dbd7504557ddd33b4be
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_i386.deb
          Size/MD5:   126268 16a827cca1d160874869b7877dd1d542
        http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_i386.deb
          Size/MD5:   263208 181b6a6adc98e8dca59890ee4ee83de1
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_lpia.deb
          Size/MD5:   294318 f46216ed1d3803d7e35716fd279b92ae
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_lpia.deb
          Size/MD5:   124262 8a4732b18edf81700441511ac4274998
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_lpia.deb
          Size/MD5:   258582 b470aee3e87e3b673dde8380f064d9fb
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_powerpc.deb
          Size/MD5:   301800 19cfebb4f279d80f81fc59d0ff6ef665
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_powerpc.deb
          Size/MD5:   141394 afcd40f1c528c01735be1f0b6c059e58
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_powerpc.deb
          Size/MD5:   271416 8263b766f3794c583d49c4fe873e3b5a
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_sparc.deb
          Size/MD5:   275842 f09fa3c70ef849f11acbe05e52f56473
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_sparc.deb
          Size/MD5:   121354 f5d3853a01640fffbcd28610fa609c8e
        http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_sparc.deb
          Size/MD5:   256652 fa320131d8e8c22571cff5974a1e63eb
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.