USN-1106-1: NSS vulnerabilities

6 April 2011

nss vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS

Summary

Update to blacklist fraudulent Comodo certificates

Software Description

  • nss - Transition package for Network Security Service libraries

Details

It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their misuse.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
libnss3-1d - 3.12.9+ckbi-1.82-0ubuntu0.10.10.1
Ubuntu 10.04 LTS
libnss3-1d - 3.12.9+ckbi-1.82-0ubuntu0.10.04.1
Ubuntu 9.10
libnss3-1d - 3.12.9+ckbi-1.82-0ubuntu0.9.10.1
Ubuntu 8.04 LTS
libnss3-1d - 3.12.9+ckbi-1.82-0ubuntu0.8.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart any applications that use NSS, such as Thunderbird or Evolution, to make all the necessary changes.

References