[USN-1197-4] NSS vulnerability
Posted on 08 September 2011
Ubuntu Security
============================================================================
Ubuntu Security Notice USN-1197-4
September 08, 2011
nss vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
A certificate authority mis-issued fraudulent certificates.
Software Description:
- nss: Network Security Service libraries
Details:
USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner
pertaining to the Dutch Certificate Authority DigiNotar mis-issuing
fraudulent certificates. This update provides the corresponding update
for the Network Security Service libraries (NSS).
Original advisory details:
USN-1197-1
It was discovered that Dutch Certificate Authority DigiNotar had
mis-issued multiple fraudulent certificates. These certificates could allow
an attacker to perform a "man in the middle" (MITM) attack which would make
the user believe their connection is secure when it is actually being
monitored.

For the protection of its users, Mozilla has removed the DigiNotar
certificate. Sites using certificates issued by DigiNotar will need to seek
another certificate vendor.

We are currently aware of a regression that blocks one of two Staat der
Nederlanden root certificates which are believed to still be secure. This
regression is being tracked at https://launchpad.net/bugs/838322.
USN-1197-3
USN-1197-1 partially addressed an issue with Dutch Certificate Authority
DigiNotar mis-issuing fraudulent certificates. This update actively
distrusts the DigiNotar root certificate as well as several intermediary
certificates. Also included in this list of distrusted certificates are the
"PKIOverheid" (PKIGovernment) intermediates under DigiNotar's control that
did not chain to DigiNotar's root and were not previously blocked.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
libnss3 3.12.9+ckbi-1.82-0ubuntu2.1
Ubuntu 10.10:
libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.10.3
Ubuntu 10.04 LTS:
libnss3-1d 3.12.9+ckbi-1.82-0ubuntu0.10.04.3
After a standard system update you need to restart any applications that
use NSS, such as Thunderbird or Evolution, to make all the necessary
changes.
References:
http://www.ubuntu.com/usn/usn-1197-4
http://www.ubuntu.com/usn/usn-1197-1
http://www.ubuntu.com/usn/usn-1197-3, https://launchpad.net/bugs/837557
Package Information:
https://launchpad.net/ubuntu/+source/nss/3.12.9+ckbi-1.82-0ubuntu2.1
https://launchpad.net/ubuntu/+source/nss/3.12.9+ckbi-1.82-0ubuntu0.10.10.3
https://launchpad.net/ubuntu/+source/nss/3.12.9+ckbi-1.82-0ubuntu0.10.04.3