Sicherheit: Preisgabe von Informationen in NSS

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============0335805066911994258==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enig2452AEB1B63F926EC6448DCA"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig2452AEB1B63F926EC6448DCA
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1763-1
March 14, 2013

nss vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

NSS could be made to expose sensitive information over the network.

Software Description:
- nss: Network Security Service library

Details:

Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used
in NSS was vulnerable to a timing side-channel attack known as the
"Lucky Thirteen" issue. A remote attacker could use this issue to
perform
plaintext-recovery attacks via analysis of timing data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
libnss3 3.14.3-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
libnss3 3.14.3-0ubuntu0.12.04.1

Ubuntu 11.10:
libnss3 3.14.3-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
libnss3-1d 3.14.3-0ubuntu0.10.04.1

After a standard system update you need to restart any applications that
use NSS, such as Evolution and Chromium, to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1763-1
CVE-2013-1620

Package Information:
https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/nss/3.14.3-0ubuntu0.10.04.1

--------------enig2452AEB1B63F926EC6448DCA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRQiTZAAoJEFHb3FjMVZVzPIAP/j4sZgeuLFlZECBbgt9XdALM
rY07Xv8uA9mGYWGvmdkpWbUzuy7G98qfctBFEQa8T4UDJkhd05ERVYvueYjmb2lK
jIhNvfOo0QSSfssRkrbB9PsYN/4hDt3o1ZWwns8tMrEC0ynmQooHRFtpnZftLueQ
lYveoh7vLvD2Ic3tt2cjyqbEApjYLLsTEX12hMZa9kWPng6E20jyPBr1AEkZWqfe
d5O5xZuUs4+m+624QcdinmgWItJUuDH85Q1od5sinFZXZKrSVk/kyh0jznthwLJI
W9xjeyR2P1ljcyn7B3nr2VieQUuKONmRJvyd1/5v3lTMAPEHFgsboZ1MP8OzzUMc
ZZtT5QohOA6WF8FEpbINqFBX3VxSdTo8UUJ/iP3oLH+7yMlVLQJFQFw7nMJSN7ZP
CpAzmi+IdztVLA251LSaM1OFdYsj9dlHupiYp8owuOaHXkxPebPTFyjRIou3y5SI
ZDaybhnHXx89UqlGht7iHcjjc0QE5rpxptZjNNhZzBC9Z5HvSYRX4IH1D4gbZWmb
hREOnSjctaFPmX0qjv6hW4pSh3Tz37CWcTd01kO+t3e37zhpmwOtDA4x3zFNz2ej
wXoNihLB2SJYgEZhyH+se6gF6S1IVYh3QvmY+BQCAbR/gBwje+uPXEbs6/8oWNDl
o8j1Qcytn62l7shN95EV
=0Mrg
-----END PGP SIGNATURE-----

--------------enig2452AEB1B63F926EC6448DCA--

--===============0335805066911994258==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0335805066911994258==--