rss-bot
March 17th, 2009, 07:40 PM
Referenced CVEs:
CVE-2004-2761
Description:
================================================== ========= Ubuntu Security Notice USN-740-1 March 17, 2009 nss, firefox vulnerability CVE-2004-2761 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libnss3 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2 Ubuntu 7.10: libnss3-0d 3.11.5-3ubuntu0.7.10.2 Ubuntu 8.04 LTS: libnss3-0d 3.12.0.3-0ubuntu0.8.04.5 libnss3-1d 3.12.0.3-0ubuntu0.8.04.5 Ubuntu 8.10: libnss3-1d 3.12.0.3-0ubuntu5.8.10.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: The MD5 algorithm is known not to be collision resistant. This update blacklists the proof of concept rogue certificate authority as discussed in http://www.win.tue.nl/hashclash/rogue-ca/.
More... (http://www.ubuntu.com/usn/usn-740-1)
CVE-2004-2761
Description:
================================================== ========= Ubuntu Security Notice USN-740-1 March 17, 2009 nss, firefox vulnerability CVE-2004-2761 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libnss3 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2 Ubuntu 7.10: libnss3-0d 3.11.5-3ubuntu0.7.10.2 Ubuntu 8.04 LTS: libnss3-0d 3.12.0.3-0ubuntu0.8.04.5 libnss3-1d 3.12.0.3-0ubuntu0.8.04.5 Ubuntu 8.10: libnss3-1d 3.12.0.3-0ubuntu5.8.10.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: The MD5 algorithm is known not to be collision resistant. This update blacklists the proof of concept rogue certificate authority as discussed in http://www.win.tue.nl/hashclash/rogue-ca/.
More... (http://www.ubuntu.com/usn/usn-740-1)