You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa nspr

Sigurnosni nedostatak programskog paketa nspr

by ncert - 0
  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2087-1
January 23, 2014

nspr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

NSPR could be made to crash or run programs if it received a specially
crafted certificate.

Software Description:
– nspr: NetScape Portable Runtime Library

Details:

It was discovered that NSPR incorrectly handled certain malformed X.509
certificates. A remote attacker could use a crafted X.509 certificate to
cause NSPR to crash, leading to a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libnspr4 2:4.9.5-1ubuntu1.1

Ubuntu 12.10:
libnspr4 4.9.5-0ubuntu0.12.10.2

Ubuntu 12.04 LTS:
libnspr4 4.9.5-0ubuntu0.12.04.2

Ubuntu 10.04 LTS:
libnspr4-0d 4.9.5-0ubuntu0.10.04.2

After a standard system update you need to restart your session to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2087-1
CVE-2013-5607

Package Information:
https://launchpad.net/ubuntu/+source/nspr/2:4.9.5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.04.2
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.10.04.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJS4UGlAAoJEGVp2FWnRL6TKeYQAKMjfYckdA8fcJG+cu5nXtJq
FKDVJ4fDKjcQP/aCw5x5/0Do8IsLC2Pe2dgbLgIyNY5DLvcQaVM5TtRsfXvA2H2b
RP3HlRVedcoCRh7H5ha+VDR+7kYaGVupKf8kwyDsumt/wYFYKHDGtBJDsiXN79JA
krY7Ghvlr3L2JiALlPHsghSkQC6UwQ32qRBWOP0IT8vWtaX6nrB2l7HNQPxkNrm1
6rEQt/OIaRRbAmrkEnjXd9p0mzC86gcszohYzxXf83HWONMg7SbijLvSdz8LzR1N
zMhU3Rn/aa0H1jJ/d/zD6ftzsnYKzVaavl3Q/Nsmic7kAbNuZp6wmwf5PgR0vGo6
E30KS6vi9qI1FHxnBdtfdTy+MCubDZgHTJmgB6Mnr2ciLJHABLV9rPN49g9BtqNP
mvweiPecGxD6CSHgR1PyrVCY35+jcdNUNdhSCqJR/j4kDnybPa64UCplhpOs8keQ
Kn1i2fuRd8BUgiWIJk8i2EUYn+GPao8FqKAuQ/GOkaHBE/Dr5ogtIJx1V7FUYgKU
v0BdhWW0HoSUaA6/LSd3tEEEs7tpzWV+y0AJ3cfTnt2e2dFJiolo6AK06Pozu9zC
45J1ZpBM5tae0seIpOr5z3GlK9yt1FXRDoNGrz+8TRxEyKSciVP9axP0vs6RWOnt
KcbQSmUwKDjf4xi84DVJ
=vLNM
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2014-01-0032-ADV
CveCVE-2013-5607
ID izvornikaUSN-2087-1
Proizvodnspr
Izvorhttp://www.ubuntu.com
ncert
Top
More in Preporuke
Ranjivost programskog paketa nss

Otkrivena je i otklonjena ranjivost u funkciji "ssl_Do1stHandshake" unutar biblioteke libssl programskog paketa Mozilla NSS, kada se uključi opcija TLS...

Close