Wednesday, September 24, 2014

[USN-2361-1] NSS vulnerability

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUIyHYAAoJEGVp2FWnRL6TYSIP/1JTdFr5loVBsvPvIVr/jpl0
N3/PeonPAATPS3rlMl/cM/dg8dwVIA5907e628Qm/D8fr/2SmeOJyJM+AkUJjELc
8dF1vg/R19LTPVhmP9tWZgNgILAcv4eWRo3Y6JzhER4TQry+plW4bbS7c1pcp7Dy
Bu3DUIqe+SHPTqfGp+fVmohBlJTL9/COxONduS8V6kV3JXJFyiGalQFKK6NYTbYp
MR6p06+ViCDLi8hpR0lTfAKtD/y6uuNdKUaHvL9WsMyKsaErGsmVTz53VRuFPC/k
+ImJKpDWhvBZbH8Ot7p4GmMpBQeBo9NH1d8qkcC907ucbILCjjq5NvScbBXVJTMj
ExxWAnohNn+Mu2ZiEZfSX9UHWldbMOzEbysXmViDhCI3nQ/VFMc0IUL7RxVbb9xK
2U30OKdnxBFYgmNf17jdOe8N5orANeOqDW/2Plb/HflCCF6kawE0wc652PYEWypy
5mpmgjgkW+tXeT9ubd8Kl3ZWbeuZ4x1DjdR3vrk50DWLgYNm1FEn8dzw7eNrqbqD
vhVeAdFeugbDbDNIrQAans2Lq0Ewnf3hUTdLnDDZn96rFJ8nAp7QrS0yVaz13V0g
F/WUtaw18LTPn8cBDE1XUhtyCIxhFrD0XxBescXVsw7JHPlU4lylEe2Y1ZhwqZ/D
J9G6V2K0xe0y/8vCRTIv
=r8OH
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2361-1
September 24, 2014

nss vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
- nss: Network Security Service library

Details:

Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libnss3 2:3.17.1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
libnss3 3.17.1-0ubuntu0.12.04.1

Ubuntu 10.04 LTS:
libnss3-1d 3.17.1-0ubuntu0.10.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References:
http://www.ubuntu.com/usn/usn-2361-1
CVE-2014-1568

Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)