Monday, January 14, 2013

[USN-1687-1] NSS vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQ9Iw3AAoJEFHb3FjMVZVzeM0P+gMCwPJML/bLM08rXcTnJ6XG
7Nukv2uOGC+SuzTurMupJWeZyyRMO87bG+Xg/LaOVRTpiZBtrYD+db2n03JaZ4oG
D181S7b0Bz5CgMWAAgHCICzZJuILLcEdT2Kg3yTQMUQNqFlm4dESh5U9qEWwDNVu
Ln0dPlHgtLHHqmQgwcnSLIkmTwDD9yXUU/AL/tnyN0xswSUUcqCNUnCruvotaJCC
TQnmzIoXfmA60d9v0Yc50IXo9EQbA0nHo6uAKU9z/IXc8LXSerwvE7f5VYT3ZuUB
dRvxVZsT33UnW9Vy2JZcEOua52vf+vLs68lMrcZZDyFWgC6Y+hMza5ZcxOiApm7x
2AkO0r2h7nZ3dtoKovhnDQ+t5I/pwzUVdoSNGp8tm/qgmEUqrUUr5fb1gojaBnOm
ceqtgEiqqRHbK5V+MwTAm7W0EyC2lTOr/0xRYvz8e4OAQ/ZEG/AIvcURE1oN6O/g
KR/b81OGG+I7Zxg60jgohN3ltJqTCj28z1oC5ZJiocYfrjO1xMeiUNxVYH1YJDtw
zw1h19ezK/LTdD8or6rhEW8HjX/JxZ9z/uJcqdTetEheWHv9vQqzCMds8FIphb/4
ee+i6fYVUjtLr3phDfCVtWxAglwBaFbWQQHQMqDjmDxJg5D+X3ee/pJQ8HVTBiyO
942VjaPZVWiYlNrei8NM
=AVw+
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1687-1
January 14, 2013

nss vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
- nss: Network Security Service library

Details:

Two intermediate CA certificates were mis-issued by the TURKTRUST
certificate authority. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libnss3-1d 3.14.1-0ckbi1.93ubuntu.0.12.10.1

Ubuntu 12.04 LTS:
libnss3-1d 3.14.1-0ckbi1.93ubuntu.0.12.04.1

Ubuntu 11.10:
libnss3-1d 3.14.1-0ckbi1.93ubuntu.0.11.10.1

Ubuntu 10.04 LTS:
libnss3-1d 3.14.1-0ckbi1.93ubuntu.0.10.04.1

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References:
http://www.ubuntu.com/usn/usn-1687-1
CVE-2013-0743

Package Information:
https://launchpad.net/ubuntu/+source/nss/3.14.1-0ckbi1.93ubuntu.0.12.10.1
https://launchpad.net/ubuntu/+source/nss/3.14.1-0ckbi1.93ubuntu.0.12.04.1
https://launchpad.net/ubuntu/+source/nss/3.14.1-0ckbi1.93ubuntu.0.11.10.1
https://launchpad.net/ubuntu/+source/nss/3.14.1-0ckbi1.93ubuntu.0.10.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)