==========================================================Ubuntu Security Notice USN-927-2             April 11, 2010
nss regression
https://launchpad.net/bugs/559881
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  libnss3-1d                      3.12.6-0ubuntu0.9.10.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

USN-927-1 fixed vulnerabilities in NSS. Upstream NSS 3.12.6 added an
additional checksum verification on libnssdbm3.so, but the Ubuntu packaging
did not create this checksum. As a result, Firefox could not initialize the
security component when the NSS Internal FIPS PKCS #11 Module was enabled.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
 protocols. If an attacker could perform a man in the middle attack at the
 start of a TLS connection, the attacker could inject arbitrary content at
 the beginning of the user's session. This update adds support for the new
 new renegotiation extension and will use it when the server supports it.


Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:    36659 1c82d002115ed4a76dc98d33ef5c839c
          Size/MD5:     1651 41544d2843858123ad5852de1587744c
          Size/MD5:  5947630 da42596665f226de5eb3ecfc1ec57cd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:  3235700 8227d9d710a9784750fc541f82d85101
          Size/MD5:  1234558 f8db18eb4fec7df4387e5e546ea99871
          Size/MD5:   263208 692167e64c00a9990af72a28299b4fbb
          Size/MD5:    17854 f9fa214108ab20d8fe4d61567a86d7c0
          Size/MD5:   313212 4ae57dcb06572bcdc1e311977a965c55

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:  3178422 4a141b3f01631497184c0bb260a212f3
          Size/MD5:  1119994 8e4bfbd067aa051603306ce57949ce51
          Size/MD5:   260530 c61feb6f65d7419f93f355a5f0755917
          Size/MD5:    17856 05ac21be0089e816c076f8707d41d21b
          Size/MD5:   299834 26d317dc29710b27dd0d0b7a36b6c2a1

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:  3216556 9230b137f92129c304dddfc5c67853fe
          Size/MD5:  1095892 9566ecb3416bd99ba0e6288505626fe9
          Size/MD5:   259484 0236cb25267ac3ca1b3bfd586d14d26d
          Size/MD5:    17858 ecb362aec61c87f1cfc4e86cd2dec5cb
          Size/MD5:   298510 2977f41a1b2fcf7ca25b331336f7dc8f

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:  3325490 ac9caf32bab4d4b911d1c54112583b65
          Size/MD5:  1207122 99b17d40842c1804ee23d19e4a7ffaa0
          Size/MD5:   261820 f46b59e90bf4ff07ca79b5d404f372ed
          Size/MD5:    17858 dca2efb9e1426ff39c55008eaf942926
          Size/MD5:   311022 da3a483c19347cd667c11d8a989d15aa

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:  2967780 e3456024e64ee1d14b5b754a93840ac7
          Size/MD5:  1074620 202e630d20824b2d4e2614d11d86c2c4
          Size/MD5:   257422 fa69b29c59fe334d65d433ab11febbed
          Size/MD5:    17856 287ae523a22a8049d3d1c802d5760b83
          Size/MD5:   299970 ed1b8755bc1e9da16a08c82ebfecf0fd

Ubuntu 927-2: NSS regression

April 11, 2010
USN-927-1 fixed vulnerabilities in NSS

Summary

Update Instructions

References

Severity
nss regression

Package Information

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved