Friday, December 20, 2013

[USN-2063-1] NSS vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJStJHFAAoJEGVp2FWnRL6TIKoQALCVlHr7z6i6HdP6Oaagf15r
fxQ7qjODF+pRi0N6k4RiR9HqJzMlvTM6ceIiM5kU7JsYrD/KoC46pyZjq4bxx94V
6OnlOceQDRl3PQp50vFgDkauvl0dDOUdKwEwpTlgPSF9LyN9/M4J4DzD+C/huXOR
5IrXAeI33V7WP1I+HDOIc5vnc2okJeTA2GIyswyCpA3l8TVYeaOa0BuUT6uvuNfy
eWZQUN5tDs1NBx1VucDou2/zSiFCJlikPwmWmI5fmjN3taBYRUSGRV2pswSJElei
ParRdwIJamlc/iIpMqFrrOEk1H1OwxQDrISdUIW4hWNQo2YpisVFhVO6hflScj2E
uT3vzUJKYxWxbXhD9vlxjZofeQjiWfSuF+09RFBxA/boFHw1sNI9QxA1CbgC8d+A
gDkjT9Js99VUbedoRskEuWvRE2eewf8aoq/jYiOyw172z5XgN9rm055vWfQ0CXD3
BxWM8CUdtXTww6I60HUj0shgHIRS3v6AwiZUGEg/BqUm4Q4PU4sfrqrfd+D4k63P
hgEL/jPrSTtlhHb4Lzu/PvQaa/6PGRmaFBXiK/eSFfrRS/CADeSMaxCTgJE9AgAL
v5pBQO+3f7RFvV2x/bSDUJ2+HJKrugaf6vN2MbJpLUQip2042P7xGw7X3rPmdcX+
o7BgajKzP/pU4X7YtJFK
=wrYQ
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2063-1
December 20, 2013

nss vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
- nss: Network Security Service library

Details:

It was discovered that an intermediate certificate was incorrectly issued
by a subordinate certificate authority of a trusted CA included in NSS.
This intermediate certificate could be used in a man-in-the-middle attack,
and has such been marked as untrusted in this update.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libnss3 2:3.15.3.1-0ubuntu0.13.10.1

Ubuntu 13.04:
libnss3 2:3.15.3.1-0ubuntu0.13.04.1

Ubuntu 12.10:
libnss3 3.15.3.1-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libnss3 3.15.3.1-0ubuntu0.12.04.1

Ubuntu 10.04 LTS:
libnss3-1d 3.15.3.1-0ubuntu0.10.04.1

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2063-1
https://launchpad.net/bugs/1263135

Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.15.3.1-0ubuntu0.13.10.1
https://launchpad.net/ubuntu/+source/nss/2:3.15.3.1-0ubuntu0.13.04.1
https://launchpad.net/ubuntu/+source/nss/3.15.3.1-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/nss/3.15.3.1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/nss/3.15.3.1-0ubuntu0.10.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)