Sicherheit: Invalidierung von Zertifikaten in NSPR (Aktualisierung)

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============2447338443151611662==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig67BFAF8FCB16E7754E02CD02"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig67BFAF8FCB16E7754E02CD02
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1687-2
January 14, 2013

nspr update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

NSPR update to work with the new NSS.

Software Description:
- nspr: NetScape Portable Runtime Library

Details:

USN-1687-1 fixed a vulnerability NSS. This update provides the NSPR needed
to use the new NSS.

Original advisory details:

Two intermediate CA certificates were mis-issued by the TURKTRUST
certificate authority. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libnspr4-0d 4.9.4-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libnspr4-0d 4.9.4-0ubuntu0.12.04.1

Ubuntu 11.10:
libnspr4-0d 4.9.4-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
libnspr4-0d 4.9.4-0ubuntu0.10.04.1

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References:
http://www.ubuntu.com/usn/usn-1687-2
http://www.ubuntu.com/usn/usn-1687-1
CVE-2013-0743

Package Information:
https://launchpad.net/ubuntu/+source/nspr/4.9.4-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/nspr/4.9.4-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/nspr/4.9.4-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/nspr/4.9.4-0ubuntu0.10.04.1

--------------enig67BFAF8FCB16E7754E02CD02
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQ9I77AAoJEFHb3FjMVZVz6LEP/ilzEpVUuKP6H76TVD75iZY4
Wmi71zPX4rkOeq+YdsrUi/I0PR2lcooF6GbqAzmVbHuSSXfY2LHp7aUbH3tFa0yf
bLbbyQNVO+GgUiIZTXaQ38RHftRPYAR1Ep/4VymovdArGB9Yz/AG6m76A7JwR1F3
Z9btVAdyz/WRaSGpSS2154yyzBE88us4+PkndAoKfmcsqBGjhvDveq00gCPOttq3
uGIHdeNT6HMAStggEQTQbk5W/rTsvBQUaBN4fVjb0NvD0f57GyCIrt6UgVgLshoS
msXZei2tt9djh1+k1RT22eP0EqyoW2dDGfQWcCuQ4u1KsJeyFpmGn+1GBMwsk6mF
BadckbKm5y9sqzB87iv1Le/r/rkXj60YnwYhm0jJZmXbveHfzset21055r9fr9q4
EZtE/gA/zZdCGIdoLUa7Rn8nDdt8yc6UzoN/CdOkikEGBa9sWKV2kmH2uGyYEkyl
XyPEGeN2nWQHNbwAsU3n997gh2y8xUK2UnW1EWnRPM8LmPB9rwLEqO5co7Up/R/3
k5+uzp2qt8Z6EaLdm1jvEZ5+OhzTKd71s8bYCb1VH0Q24rmOeYooFaORU4Xx5bGZ
GQxDza1Qty/rf0ENwBBLZGBJet1MueB51Iq1muku8LoznoZG2ZKJEDo0eogH9xhC
FmN7GfWFRolIYZNHD8MT
=Px82
-----END PGP SIGNATURE-----

--------------enig67BFAF8FCB16E7754E02CD02--

--===============2447338443151611662==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2447338443151611662==--