Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: 1106-1: NSS vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that several invalid HTTPS certificates were issued andrevoked. An attacker could exploit these to perform a man in the middleattack to view sensitive information or alter encrypted communications.These certificates were marked as explicitly not trusted to prevent theirmisuse. [More...]
Ubuntu Security Notice USN-1106-1            April 06, 2011
nss vulnerabilities

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libnss3-1d                      3.12.9+ckbi-1.82-0ubuntu0.8.04.1

Ubuntu 9.10:
  libnss3-1d                      3.12.9+ckbi-1.82-0ubuntu0.9.10.1

Ubuntu 10.04 LTS:
  libnss3-1d                      3.12.9+ckbi-1.82-0ubuntu0.10.04.1

Ubuntu 10.10:
  libnss3-1d                      3.12.9+ckbi-1.82-0ubuntu0.10.10.1

After a standard system update you need to restart any applications that
use NSS, such as Thunderbird or Evolution, to make all the necessary

Details follow:

It was discovered that several invalid HTTPS certificates were issued and
revoked. An attacker could exploit these to perform a man in the middle
attack to view sensitive information or alter encrypted communications.
These certificates were marked as explicitly not trusted to prevent their

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
      Size/MD5:    38160 26e5fa8be2dd46b9509b6ba4c14d9a41
      Size/MD5:     1431 feaffe0aa70f65d08d8c53fe4488644a
      Size/MD5:  6013564 58419debd698638b4660d87eb995df91

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:    19128 7835438a608760273498dc9c025b1f6b
      Size/MD5:  3250536 b15290e124b2c5ad3ae84a36792602d8
      Size/MD5:  1207114 d9b4facc2777c5a125416743314e68e8
      Size/MD5:   265546 72c7edd8b7e95999c75b78f726f1fca2
      Size/MD5:   312970 2c8b3e17cd4ae994cebd31e884717f4b

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    19034 f923001ad66ac3729049aba3c6827d63
      Size/MD5:  3095986 fa05a1f129134baecd7b8de9358ab1c7
      Size/MD5:  1093834 890eb1d3b54a3a427245c7e4cc2ae9a5
      Size/MD5:   262908 235d9c2cf8a860fda38f5f2cc96bb4ab
      Size/MD5:   295252 4ac8424e4e242f0380620e69b598f34c

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:    19022 574e05c6f3b9df360c7e2f1db6fa7b67
      Size/MD5:  3130522 4986362b65eb97ca5b78ad241435ded2
      Size/MD5:  1072310 0a146aed92e8f2adbf993c02985a3982
      Size/MD5:   261740 0fcd7826f1b508a336ec9546e98f37d1
      Size/MD5:   292912 bda78213ea3697534ed1d25f21a376ae

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:    21494 09fe7f661019003de1e29fb39fe55be0
      Size/MD5:  3212436 aa8a97c5c614d397b178fb1df09696bd
      Size/MD5:  1202502 25fc900cc643800e24434a3b4d220d0b
      Size/MD5:   264538 4ee43fa1bb56038a557f558045094784
      Size/MD5:   326282 a8e875ba7d469936ceac630cf9706b5a

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:    19122 5094405c0918b7f1108572543c1615c8
      Size/MD5:  2918668 9958c56cffb06f26dc2d998a315af778
      Size/MD5:  1074630 cbebc9ee8e720869cb5bab808d5c705e
      Size/MD5:   260062 d851ab32c443409e67d077fa1421074e
      Size/MD5:   300778 93a5cb47a2e14b188830ccd7bbc2a12c

Updated packages for Ubuntu 9.10:

  Source archives:
      Size/MD5:    37983 5557210562e3968b80d14837cad43b09
      Size/MD5:     1431 f699592d8fb10216053d60ced7aa0527
      Size/MD5:  6013564 58419debd698638b4660d87eb995df91

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  3272970 f10aa5b300e800fac8716f448d5e1b27
      Size/MD5:  1258574 f125e5089df66313ea9968c248d34751
      Size/MD5:   266052 92d5e3e512c299a06297cd1b83684b4c
      Size/MD5:    18244 5b6b15ce5ce9d5d1c33732e4cece815d
      Size/MD5:   312992 490ba7dad2c9b3105297bd6b3aaa894e

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  3218852 b02470d9c90ac0390fb90f8911e69411
      Size/MD5:  1144322 214c689a25d1d450a3daa789d486f8f5
      Size/MD5:   263394 0323bd29e456919226d779c79960b0c9
      Size/MD5:    18236 61a19cbff6c281f62fb7b2769f662c6b
      Size/MD5:   299112 ea0bbae7997b40c133ca2e5b1dee014e

  armel architecture (ARM Architecture):
      Size/MD5:  3201002 52ad7be13472d785f7c4fae4c27bd208
      Size/MD5:  1125624 7ea1797bf6074c079dc8a1f6f7736684
      Size/MD5:   265860 aa9527e3776bfe7163b16f61c1b13e49
      Size/MD5:    18250 99757d9b6b8700a1ca7d62b8a2786c29
      Size/MD5:   295292 c38b53749bde3f1d6a560c08d3a86f54

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:  3260120 6978f195450eb764fe824aeade0f9730
      Size/MD5:  1120508 fbbe2f6b43ece55aa135eb7320d8580a
      Size/MD5:   262360 d54add562444c6a7790bf2f2ea13a186
      Size/MD5:    18236 1cbd94ee0c868b5324070ec7cdaf991a
      Size/MD5:   297544 10199da0f2ba7eaaf5226490848ab948

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  3364262 0f6fe59a8b366a825894640e91726f61
      Size/MD5:  1229690 5967b23c17071002724464aab949a7b9
      Size/MD5:   264660 1e4a510980d6783edf5b561478c750b7
      Size/MD5:    18236 9f26f1fd50dcccf267e091cbafc829d4
      Size/MD5:   310066 2b7b2d094c43358f3e7002d34c432d7e

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  2999856 4afce16c98e0dd28b4120dca8a6e0c43
      Size/MD5:  1096410 6cc85cfe54aa1e05e2cadbc9a23b0a76
      Size/MD5:   260540 98e0914f67ace7a7b43b276f6d88ad9c
      Size/MD5:    18242 4d73604d5b087f9d4ecfb4ff01a8fc33
      Size/MD5:   299400 f01cf0866426e2644eb164debb3c869c

Updated packages for Ubuntu 10.04 LTS:

  Source archives:
      Size/MD5:    38055 dea20b8e851a879c6290b5466c937a48
      Size/MD5:     1435 9e7036689bfcecd4a366be7af70fce6c
      Size/MD5:  6013564 58419debd698638b4660d87eb995df91

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  3274494 c108cc7e80cee86f3fe708cf0e625f95
      Size/MD5:  1258500 b081ca382fcace882cfa7f7a87811265
      Size/MD5:   266078 24e6c44b3d60a96a54fae31be656678d
      Size/MD5:    18366 fcc18745d82bff6445cc4c27fcf502f0
      Size/MD5:   313202 d86dc7d39ea92bc4dcabcd41dab2017a

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  3217902 a535eec6a2be630a7a8a1855232af1dc
      Size/MD5:  1144946 94ad91a01878dc5e4b72ae77b7c0a241
      Size/MD5:   266966 503e44d18e075f9b6dea427785079717
      Size/MD5:    18380 2d6087c960480213ad875081fdbae02e
      Size/MD5:   298490 835b71e236996c9f694f8d9d7d9af98a

  armel architecture (ARM Architecture):
      Size/MD5:  3324502 909df1b9af55ae8658a188372fa2c154
      Size/MD5:  1072542 452d9d62c3960f91499f9e9754b16070
      Size/MD5:   264574 804e62f3bc7325dc6a69b3760ea71230
      Size/MD5:    18380 df5bd94df281827cbaa7563bfc7f9a50
      Size/MD5:   289206 18346c06f6e61aeace3f7325bc43a692

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  3364664 cf525cf29c52a7cd3a4ed0de2ac586f2
      Size/MD5:  1221510 e2d988c52bd008edb6ee64be9a183053
      Size/MD5:   264814 bf3f96a4e05e830c9cff24e0f02d4885
      Size/MD5:    18368 33c6fe6b62251c2c8a70870394ee5f37
      Size/MD5:   310244 d736a7f5076c5ec79c76eea6bae7dbb2

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:  3028292 75defea29c1663f13d4ba367ee8956d8
      Size/MD5:  1136438 423ab727f3246e3e1e6422edf7a6455b
      Size/MD5:   261160 09a343bea327aad48bf3111d38f93e61
      Size/MD5:    18370 f01923e7a3856e5f386e51a3635db895
      Size/MD5:   305688 9744f756009cd4b732c25cd16148574f

Updated packages for Ubuntu 10.10:

  Source archives:
      Size/MD5:    38193 d741a486cafc332cc55b62f3d7d2f1e3
      Size/MD5:     1435 afc20c3bb86a444db575857145c66d07
      Size/MD5:  6013564 58419debd698638b4660d87eb995df91

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:  3274982 0022a0db51b8c9d315851f342c259db9
      Size/MD5:  1253100 ec835d735db4d371fabfe12c9c382b10
      Size/MD5:   266180 de8073c7e0e061852ee1b343ce446140
      Size/MD5:    18446 97e570d8d1ed942143a5c34bc6b738d6
      Size/MD5:   310300 7dc52627f62664c819e8c23fc9685604

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:  3217478 5ee5a883306bb37f0bd0fa6ebe887662
      Size/MD5:  1138148 e0e80a5ac1d11182e66d0c10be0f71c8
      Size/MD5:   263540 87d19074d8ce5ad821a93ad953f8125c
      Size/MD5:    18448 8ae4d8201a7f927b28a30600db0a1561
      Size/MD5:   296126 8e8b7dc7013c3b77f648349b019fa86c

  armel architecture (ARM Architecture):
      Size/MD5:  3299628 533ad71adc41ad833312fa91aeed3f97
      Size/MD5:  1134058 a354ae78ca59f3d188a5581a15072729
      Size/MD5:   265974 5929cb8b6a03513244f16bdda5663736
      Size/MD5:    18458 ce699284348433de50e5142b94b01798
      Size/MD5:   301332 86856705e5eefbbb200fdfc1b3cb9c98

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:  3363324 30dbf2985d99e13e2f5504977f72da20
      Size/MD5:  1211628 6108995eb1754feb090cb27db51b8346
      Size/MD5:   264906 8b115b3cc243df21ae59f1441caae35c
      Size/MD5:    18452 7d9562cfd3cdd7ade1d69f68ac57f7f5
      Size/MD5:   306866 aa0796a7509c4e33ccf5fb70d3d7be11

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.