Sicherheit: Ausführen beliebiger Kommandos in NSPR

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7097129875844778419==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="EGk9Wcb0cbkth8x9cF8KuTXwooG2f6veJ"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--EGk9Wcb0cbkth8x9cF8KuTXwooG2f6veJ
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2087-1
January 23, 2014

nspr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

NSPR could be made to crash or run programs if it received a specially
crafted certificate.

Software Description:
- nspr: NetScape Portable Runtime Library

Details:

It was discovered that NSPR incorrectly handled certain malformed X.509
certificates. A remote attacker could use a crafted X.509 certificate to
cause NSPR to crash, leading to a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libnspr4 2:4.9.5-1ubuntu1.1

Ubuntu 12.10:
libnspr4 4.9.5-0ubuntu0.12.10.2

Ubuntu 12.04 LTS:
libnspr4 4.9.5-0ubuntu0.12.04.2

Ubuntu 10.04 LTS:
libnspr4-0d 4.9.5-0ubuntu0.10.04.2

After a standard system update you need to restart your session to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2087-1
CVE-2013-5607

Package Information:
https://launchpad.net/ubuntu/+source/nspr/2:4.9.5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.04.2
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.10.04.2

--EGk9Wcb0cbkth8x9cF8KuTXwooG2f6veJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS4UGlAAoJEGVp2FWnRL6TKeYQAKMjfYckdA8fcJG+cu5nXtJq
FKDVJ4fDKjcQP/aCw5x5/0Do8IsLC2Pe2dgbLgIyNY5DLvcQaVM5TtRsfXvA2H2b
RP3HlRVedcoCRh7H5ha+VDR+7kYaGVupKf8kwyDsumt/wYFYKHDGtBJDsiXN79JA
krY7Ghvlr3L2JiALlPHsghSkQC6UwQ32qRBWOP0IT8vWtaX6nrB2l7HNQPxkNrm1
6rEQt/OIaRRbAmrkEnjXd9p0mzC86gcszohYzxXf83HWONMg7SbijLvSdz8LzR1N
zMhU3Rn/aa0H1jJ/d/zD6ftzsnYKzVaavl3Q/Nsmic7kAbNuZp6wmwf5PgR0vGo6
E30KS6vi9qI1FHxnBdtfdTy+MCubDZgHTJmgB6Mnr2ciLJHABLV9rPN49g9BtqNP
mvweiPecGxD6CSHgR1PyrVCY35+jcdNUNdhSCqJR/j4kDnybPa64UCplhpOs8keQ
Kn1i2fuRd8BUgiWIJk8i2EUYn+GPao8FqKAuQ/GOkaHBE/Dr5ogtIJx1V7FUYgKU
v0BdhWW0HoSUaA6/LSd3tEEEs7tpzWV+y0AJ3cfTnt2e2dFJiolo6AK06Pozu9zC
45J1ZpBM5tae0seIpOr5z3GlK9yt1FXRDoNGrz+8TRxEyKSciVP9axP0vs6RWOnt
KcbQSmUwKDjf4xi84DVJ
=vLNM
-----END PGP SIGNATURE-----

--EGk9Wcb0cbkth8x9cF8KuTXwooG2f6veJ--

--===============7097129875844778419==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7097129875844778419==--