==========================================================================
Ubuntu Security Notice USN-2360-2
September 24, 2014

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
– thunderbird: Mozilla Open Source mail and newsgroup client

Details:

USN-2360-1 fixed vulnerabilities in Firefox. This update provides the
corresponding updates for Thunderbird.

Original advisory details:

Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
thunderbird 1:31.1.2+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
thunderbird 1:31.1.2+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2360-2
http://www.ubuntu.com/usn/usn-2360-1
CVE-2014-1568

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:31.1.2+build1-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/thunderbird/1:31.1.2+build1-0ubuntu0.12.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQEcBAEBAgAGBQJUIx2lAAoJEGEfvezVlG4PAlcH/1mlMxaH30YKhBEFE4klvYtx
oRjr3DwEKfzMF10Qzto5Yjvz6YNi2UO024Cfhd+iHz8gLNSsJ/L/nRVYQPzKAGPi
huZWjDuqRfaPnwFgnDV6ATuF8HiVAyxE3MVRipIipNKOoy4U7f738w2h2v7qLZ3X
a8uomswQ8u68CrNcZkNw9q3qAX0LuEQe9oVpgWOckiOmG7/j6itBnQXJQm8HOIJ5
XDOVUslMYBKf95PiX6PXkxgiQ/x1CBqoNRlSYM7IvkCDb5u19U3EKYM/YAoP4QNL
/7+eSQf1E8/bKlgyzjB9uxdyfaG2jcWWDGpx6lcsh2zMuoso5X9/qSMid8wjWjg=
=Zual
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2361-1
September 24, 2014

nss vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
– nss: Network Security Service library

Details:

Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
libnss3 2:3.17.1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
libnss3 3.17.1-0ubuntu0.12.04.1

Ubuntu 10.04 LTS:
libnss3-1d 3.17.1-0ubuntu0.10.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References:
http://www.ubuntu.com/usn/usn-2361-1
CVE-2014-1568

Package Information:
https://launchpad.net/ubuntu/+source/nss/2:3.17.1-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/nss/3.17.1-0ubuntu0.10.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUIyHYAAoJEGVp2FWnRL6TYSIP/1JTdFr5loVBsvPvIVr/jpl0
N3/PeonPAATPS3rlMl/cM/dg8dwVIA5907e628Qm/D8fr/2SmeOJyJM+AkUJjELc
8dF1vg/R19LTPVhmP9tWZgNgILAcv4eWRo3Y6JzhER4TQry+plW4bbS7c1pcp7Dy
Bu3DUIqe+SHPTqfGp+fVmohBlJTL9/COxONduS8V6kV3JXJFyiGalQFKK6NYTbYp
MR6p06+ViCDLi8hpR0lTfAKtD/y6uuNdKUaHvL9WsMyKsaErGsmVTz53VRuFPC/k
+ImJKpDWhvBZbH8Ot7p4GmMpBQeBo9NH1d8qkcC907ucbILCjjq5NvScbBXVJTMj
ExxWAnohNn+Mu2ZiEZfSX9UHWldbMOzEbysXmViDhCI3nQ/VFMc0IUL7RxVbb9xK
2U30OKdnxBFYgmNf17jdOe8N5orANeOqDW/2Plb/HflCCF6kawE0wc652PYEWypy
5mpmgjgkW+tXeT9ubd8Kl3ZWbeuZ4x1DjdR3vrk50DWLgYNm1FEn8dzw7eNrqbqD
vhVeAdFeugbDbDNIrQAans2Lq0Ewnf3hUTdLnDDZn96rFJ8nAp7QrS0yVaz13V0g
F/WUtaw18LTPn8cBDE1XUhtyCIxhFrD0XxBescXVsw7JHPlU4lylEe2Y1ZhwqZ/D
J9G6V2K0xe0y/8vCRTIv
=r8OH
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2360-1
September 24, 2014

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Fraudulent security certificates could allow sensitive information to
be exposed when accessing the Internet.

Software Description:
– firefox: Mozilla Open Source web browser

Details:

Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled
parsing ASN.1 values. An attacker could use this issue to forge RSA
certificates.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
firefox 32.0.3+build1-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
firefox 32.0.3+build1-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2360-1
CVE-2014-1568

Package Information:
https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.14.04.1
https://launchpad.net/ubuntu/+source/firefox/32.0.3+build1-0ubuntu0.12.04.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQEcBAEBAgAGBQJUIxwSAAoJEGEfvezVlG4PzKUH/jjyFb3OoyR3W9LrjAKQpdwP
0KQUVon0Ye0dkKbQtYpwgb0P2uQPs8jPpWxm+lMe8NJwQgOJvecS3YRAZE7Ez+lf
nPJBEmY2u4XidVRv6A+GpOWp67GEN+fFmlFp1LdIhfb5l8r33A4hz5gMzU2FIFwr
RxVj+MXHHWsxlR1cP/Pl6q4dVioIVWdIL2xd3SKOLGYmNYwvh7GcBI8rktiv2e8U
ywtS/+p05a0S57DOe0t2CG0MWDgeEF9D06iahU90hYk5E/TRVED1i8TM39LDsiKc
IxEhkQPDZrd0rh2oGTxas/mzT1yEKVc0l/xQAA54Xj2kk7wc+Cz51sS39y4o3Cc=
=GkKy
—–END PGP SIGNATURE—–
—
7e