=========================================================== Ubuntu Security Notice USN-927-6 July 23, 2010 nss vulnerability CVE-2009-3555 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: libnss3-1d 3.12.6-0ubuntu0.9.04.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz Size/MD5: 36776 09e94267337a3318b4955b7a830f5244 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 263110 37bf5e46dc372000a1932336ded61143 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 1112446 64e165966e297b247e220aa017851248 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 17790 6a4afb594384085b41502911476f9d27 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17788 217da64905b090392eb4acfa43d282c2 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17794 2f08b7d40b6069754762083051c03f27 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620 -- Jamie Strandboge | http://www.canonical.com