Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-922-1: libnss-db vulnerability
Posted by Bob on: 03/31/2010 09:00 PM [ Print | 0 comment(s) ]
A new libnss-db vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-922-1 March 31, 2010
libnss-db vulnerability
CVE-2010-0826
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libnss-db 2.2.3pre1-3ubuntu1.8.04.2
Ubuntu 8.10:
libnss-db 2.2.3pre1-3ubuntu1.8.10.2
Ubuntu 9.04:
libnss-db 2.2.3pre1-3ubuntu3.9.04.2
Ubuntu 9.10:
libnss-db 2.2.3pre1-3ubuntu3.9.10.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Stephane Chazelas discovered that libnss-db did not correctly set up a
database environment. A local attacker could exploit this to read the
first line of arbitrary files, leading to a loss of privacy and possibly
privilege escalation.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2.diff.gz
Size/MD5: 517634 340efc402c8b2f7326c3f16ab694d0df
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2.dsc
Size/MD5: 1022 69032365bd9f24e8a99cbc8d68eb415e
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
Size/MD5: 235360 b4440ba2865d28e9068e465426c19ede
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_amd64.deb
Size/MD5: 27790 5b4f1ca2abf0c63e88c1dc3ea9b2e862
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_i386.deb
Size/MD5: 26078 333db9551f6d7b13a1c7e77abe8a8d64
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_lpia.deb
Size/MD5: 25830 71fcfc9642e9d41f4023a481487a12e0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_powerpc.deb
Size/MD5: 29488 3526a671bc2f498945b630e2801a0120
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_sparc.deb
Size/MD5: 25974 1d3286113878cd972956710285c28aef
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2.diff.gz
Size/MD5: 520678 30aa88974f0353eb151484fdb08221a7
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2.dsc
Size/MD5: 1454 3d5c2f0c417203490962f6993e07fc7a
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
Size/MD5: 235360 b4440ba2865d28e9068e465426c19ede
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_amd64.deb
Size/MD5: 27864 1f8814425488e56279bc3cafa98a344b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_i386.deb
Size/MD5: 26102 2a393ea3d246bdb80fb785ed9f385f08
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_lpia.deb
Size/MD5: 26030 80e48bbb31ba51552a26eba264e2f3a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_powerpc.deb
Size/MD5: 29406 3742ba8e8b62b4417ba6063511076dc7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_sparc.deb
Size/MD5: 26192 7fac30eec8b18445296530c21a0ac54e
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2.diff.gz
Size/MD5: 520796 8b8385951a229138681591fc6d9c066d
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2.dsc
Size/MD5: 1454 bd14227b2e022d15b27dc7376cb78b44
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
Size/MD5: 235360 b4440ba2865d28e9068e465426c19ede
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_amd64.deb
Size/MD5: 27994 4af7bd72b6cf6f8787f761e49bbda5f4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_i386.deb
Size/MD5: 26232 c97642d832eaf8f90b3d563434c9498d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_lpia.deb
Size/MD5: 26138 a38eedb037ba1eeb93ee0d4a35233869
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_powerpc.deb
Size/MD5: 29550 b1fdb2c966e8e81425a5838ef043a26f
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_sparc.deb
Size/MD5: 26250 e7a918fec55b148e9ff3d749e217387e
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2.diff.gz
Size/MD5: 520798 8bfc7f33c0f7ced9ca4cc47c854c11e9
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2.dsc
Size/MD5: 1454 b79b2833b0c30cd92edb44513837e53c
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
Size/MD5: 235360 b4440ba2865d28e9068e465426c19ede
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_amd64.deb
Size/MD5: 28130 14a4238962ee33e44489d94e4dbfeddb
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_i386.deb
Size/MD5: 26372 47716613b66e9ee0be23cc46f7493bf2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_lpia.deb
Size/MD5: 26130 93caa6343ce3d324b029b213ed95a257
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_powerpc.deb
Size/MD5: 27488 e400c27ac8269da19c2e2c26253652d9
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_sparc.deb
Size/MD5: 26234 0611d6a34a988914154ef6484e7472d5
--uQr8t48UFsdbeI+V
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;
iEYEARECAAYFAkuzpU0ACgkQH/9LqRcGPm0l5gCcCN+lOP6jP3cKB/eAJNu7ykbG
AgwAmgMO5O0rYnTgXQCSDB9jXLoRbxFk
=JFPO
-----END PGP SIGNATURE-----
libnss-db vulnerability
CVE-2010-0826
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libnss-db 2.2.3pre1-3ubuntu1.8.04.2
Ubuntu 8.10:
libnss-db 2.2.3pre1-3ubuntu1.8.10.2
Ubuntu 9.04:
libnss-db 2.2.3pre1-3ubuntu3.9.04.2
Ubuntu 9.10:
libnss-db 2.2.3pre1-3ubuntu3.9.10.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Stephane Chazelas discovered that libnss-db did not correctly set up a
database environment. A local attacker could exploit this to read the
first line of arbitrary files, leading to a loss of privacy and possibly
privilege escalation.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2.diff.gz
Size/MD5: 517634 340efc402c8b2f7326c3f16ab694d0df
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2.dsc
Size/MD5: 1022 69032365bd9f24e8a99cbc8d68eb415e
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
Size/MD5: 235360 b4440ba2865d28e9068e465426c19ede
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_amd64.deb
Size/MD5: 27790 5b4f1ca2abf0c63e88c1dc3ea9b2e862
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_i386.deb
Size/MD5: 26078 333db9551f6d7b13a1c7e77abe8a8d64
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_lpia.deb
Size/MD5: 25830 71fcfc9642e9d41f4023a481487a12e0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_powerpc.deb
Size/MD5: 29488 3526a671bc2f498945b630e2801a0120
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.04.2_sparc.deb
Size/MD5: 25974 1d3286113878cd972956710285c28aef
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2.diff.gz
Size/MD5: 520678 30aa88974f0353eb151484fdb08221a7
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2.dsc
Size/MD5: 1454 3d5c2f0c417203490962f6993e07fc7a
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
Size/MD5: 235360 b4440ba2865d28e9068e465426c19ede
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_amd64.deb
Size/MD5: 27864 1f8814425488e56279bc3cafa98a344b
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_i386.deb
Size/MD5: 26102 2a393ea3d246bdb80fb785ed9f385f08
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_lpia.deb
Size/MD5: 26030 80e48bbb31ba51552a26eba264e2f3a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_powerpc.deb
Size/MD5: 29406 3742ba8e8b62b4417ba6063511076dc7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu1.8.10.2_sparc.deb
Size/MD5: 26192 7fac30eec8b18445296530c21a0ac54e
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2.diff.gz
Size/MD5: 520796 8b8385951a229138681591fc6d9c066d
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2.dsc
Size/MD5: 1454 bd14227b2e022d15b27dc7376cb78b44
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
Size/MD5: 235360 b4440ba2865d28e9068e465426c19ede
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_amd64.deb
Size/MD5: 27994 4af7bd72b6cf6f8787f761e49bbda5f4
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_i386.deb
Size/MD5: 26232 c97642d832eaf8f90b3d563434c9498d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_lpia.deb
Size/MD5: 26138 a38eedb037ba1eeb93ee0d4a35233869
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_powerpc.deb
Size/MD5: 29550 b1fdb2c966e8e81425a5838ef043a26f
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.04.2_sparc.deb
Size/MD5: 26250 e7a918fec55b148e9ff3d749e217387e
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2.diff.gz
Size/MD5: 520798 8bfc7f33c0f7ced9ca4cc47c854c11e9
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2.dsc
Size/MD5: 1454 b79b2833b0c30cd92edb44513837e53c
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1.orig.tar.gz
Size/MD5: 235360 b4440ba2865d28e9068e465426c19ede
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_amd64.deb
Size/MD5: 28130 14a4238962ee33e44489d94e4dbfeddb
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_i386.deb
Size/MD5: 26372 47716613b66e9ee0be23cc46f7493bf2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_lpia.deb
Size/MD5: 26130 93caa6343ce3d324b029b213ed95a257
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_powerpc.deb
Size/MD5: 27488 e400c27ac8269da19c2e2c26253652d9
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/libn/libnss-db/libnss-db_2.2.3pre1-3ubuntu3.9.10.2_sparc.deb
Size/MD5: 26234 0611d6a34a988914154ef6484e7472d5
--uQr8t48UFsdbeI+V
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;
iEYEARECAAYFAkuzpU0ACgkQH/9LqRcGPm0l5gCcCN+lOP6jP3cKB/eAJNu7ykbG
AgwAmgMO5O0rYnTgXQCSDB9jXLoRbxFk
=JFPO
-----END PGP SIGNATURE-----
