[USN-810-2] NSPR update
Date: Tue, 4 Aug 2009 17:00:59 -0500
From: Jamie Strandboge <jamie@canonical.com.>
Subject: [USN-810-2] NSPR update
Message-ID: <20090804220059.GB18082@severus.strandboge.com.>
Reply-To: Ubuntu Security <security@ubuntu.com.>
===========================================================
Ubuntu Security Notice USN-810-2 August 04, 2009
nspr update
https://launchpad.net/bugs/387745
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libnspr4-0d 4.7.5-0ubuntu0.8.04.1
Ubuntu 8.10:
libnspr4-0d 4.7.5-0ubuntu0.8.10.1
Ubuntu 9.04:
libnspr4-0d 4.7.5-0ubuntu0.9.04.1
After a standard system upgrade you need to restart any applications that
use NSPR, such as Firefox, to effect the necessary changes.
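An added example, not part of the original advisory: once the upgrade replaces the library on disk, processes started earlier keep the old copy mapped, and Linux marks that mapping "(deleted)" in /proc/<pid>/maps. The check below lists those processes; the library file name pattern and the sample maps lines are assumptions constructed for illustration.

```python
import os
import re

DELETED = " (deleted)"
# Assumption: the shared object shipped by libnspr4-0d is named libnspr4.so*
NSPR_RE = re.compile(r"/libnspr4\.so[\w.]*$")

def stale_nspr_mappings(maps_text):
    """Return paths of libnspr4 mappings whose on-disk file was replaced."""
    stale = set()
    for line in maps_text.splitlines():
        # Columns: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no pathname column
        path = fields[5]
        if path.endswith(DELETED):
            original = path[:-len(DELETED)]
            if NSPR_RE.search(original):
                stale.add(original)
    return sorted(stale)

def processes_needing_restart(proc_root="/proc"):
    """Map pid -> stale libnspr4 paths for every readable process."""
    result = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_nspr_mappings(fh.read())
        except OSError:
            continue  # process exited, or not permitted to read it
        if stale:
            result[int(entry)] = stale
    return result

# Constructed sample: maps of a browser started before the upgrade.
SAMPLE_MAPS = """\
08048000-08052000 r-xp 00000000 08:01 131 /usr/lib/firefox/firefox
b7c10000-b7c3e000 r-xp 00000000 08:01 9001 /usr/lib/libnspr4.so.0d (deleted)
b7c3e000-b7c40000 rw-p 0002d000 08:01 9001 /usr/lib/libnspr4.so.0d (deleted)
b7d00000-b7e50000 r-xp 00000000 08:01 77 /lib/libc-2.9.so
bfd00000-bfd15000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    print("sample:", stale_nspr_mappings(SAMPLE_MAPS))
    for pid, paths in sorted(processes_needing_restart().items()):
        print(pid, paths)
```

Run it as root to see every user's processes; an unprivileged run only reports processes whose maps it can read.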
Details follow:
USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR
needed to use the new NSS.
Original advisory details:
Moxie Marlinspike discovered that NSS did not properly handle regular
expressions in certificate names. A remote attacker could create a
specially crafted certificate to cause a denial of service (via application
crash) or execute arbitrary code as the user invoking the program.
(CVE-2009-2404)
Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did
not properly handle certificates with NULL characters in the certificate
name. An attacker could exploit this to perform a man in the middle attack
to view sensitive information or alter encrypted communications.
(CVE-2009-2408)
Dan Kaminsky discovered NSS would still accept certificates with MD2 hash
signatures. As a result, an attacker could potentially create a malicious
trusted certificate to impersonate another site. (CVE-2009-2409)
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10:
Updated packages for Ubuntu 9.04: