Wednesday, August 26, 2009

[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1874-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 26, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : nss
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409

Several vulnerabilities have been discovered in the Network Security
Service libraries. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2404

Moxie Marlinspike discovered that a buffer overflow in the regular
expression parser could lead to the execution of arbitrary code.

CVE-2009-2408

Dan Kaminsky discovered that NULL characters in certificate
names could lead to man-in-the-middle attacks by tricking the user
into accepting a rogue certificate.
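As an added illustration of the CVE-2009-2408 issue (not code from the advisory or from NSS), the block below contrasts a C-string style name comparison, which stops at the first NUL byte, with a length-aware check that rejects embedded NUL bytes outright; all certificate names in it are constructed samples.

```python
# Added example, not code from the Debian advisory or from NSS itself: it
# contrasts a C-string style name comparison (which stops at the first NUL,
# the behaviour behind CVE-2009-2408) with a length-aware check that rejects
# embedded NUL bytes. Certificate names below are constructed samples.
from typing import List


def naive_cstring_match(cert_name: bytes, hostname: str) -> bool:
    """Vulnerable style: the name is handed to C string functions, so
    everything after the first 0x00 byte is silently dropped."""
    visible = cert_name.split(b"\x00", 1)[0]
    return visible.decode("ascii", "replace").lower() == hostname.lower()


def safe_match(cert_name: bytes, hostname: str) -> bool:
    """Fixed style: use the full length of the DER string value, refuse
    embedded NUL bytes and any non-printable byte, then compare."""
    if not cert_name or b"\x00" in cert_name:
        return False
    if any(b < 0x21 or b > 0x7E for b in cert_name):
        return False
    return cert_name.decode("ascii").lower() == hostname.lower()


def find_disagreements(names: List[bytes], hostname: str) -> List[bytes]:
    """Return the names a vulnerable matcher would accept for `hostname`
    but a fixed matcher rejects: exactly the certificates to worry about."""
    return [n for n in names
            if naive_cstring_match(n, hostname) and not safe_match(n, hostname)]


# Constructed sample common names, as the raw bytes of the DER string in a
# subject CN (or a dNSName SAN) would be seen by the matcher.
SAMPLE_NAMES = [
    b"www.bank.example",                    # legitimate
    b"www.bank.example\x00.evil.example",   # NUL-prefix name
    b"evil.example",                        # plainly wrong host
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(n, naive_cstring_match(n, "www.bank.example"),
              safe_match(n, "www.bank.example"))
    print("suspicious:", find_disagreements(SAMPLE_NAMES, "www.bank.example"))
```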

CVE-2009-2409

Certificates with MD2 hash signatures are no longer accepted
since they're no longer considered cryptographically secure.


The old stable distribution (etch) doesn't contain nss.

For the stable distribution (lenny), these problems have been fixed in
version 3.12.3.1-0lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 3.12.3.1-1.

We recommend that you upgrade your nss packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqVhkcACgkQXm3vHE4uylpTzACgw3nQF03hRSfcEOdoLuFPoEB6
3qsAoLX3vrb6zwD2aC/NYwDAg6X3mTgf
=u47A
-----END PGP SIGNATURE-----

