ID

VAR-200907-0748


CVE

CVE-2009-2408


TITLE

Mandriva Linux Security Advisory 2009-217

Trust: 0.3

sources: PACKETSTORM: 83396 // PACKETSTORM: 81877 // PACKETSTORM: 80547

DESCRIPTION

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

NSS provides cross-platform support for SSL, S/MIME and other Internet security standards. The NSS library, acting as the SSL client, handles the domain name in an SSL certificate differently from the CA that issued the server certificate. If a malicious user requests a certificate for a hostname containing an invalid null character, most CAs will issue the certificate as long as the requester has the domain specified after the null character, but most SSL clients (browsers) will ignore that part of the name. Placing a null character before the validated portion of the name therefore allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship.

A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update provides the latest version of Thunderbird, which is not vulnerable to these issues. The new packages address this problem.

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An attacker could supply a specially-crafted SSL certificate (for example, via a web page) to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid (CVE-2011-3365). The updated packages have been patched to correct these issues.
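The NUL-in-Common-Name mismatch described above (CVE-2009-2408), shown as an added example that is not code from NSS or from any of the advisories: a C-string comparison stops at the first '\0', while a length-aware comparison sees the whole name the CA signed and rejects it. The struct, the function names and the .example hostnames are constructed for illustration; matching is exact only, with no wildcard or subjectAltName handling.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name as a DER decoder hands it over: raw bytes plus an explicit length. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Constructed sample: the CA validated ".other.example", the part after the NUL. */
static const unsigned char SAMPLE_NUL_CN[] = "www.site.example\0.other.example";
/* Constructed sample: an ordinary Common Name. */
static const unsigned char SAMPLE_CLEAN_CN[] = "www.site.example";

struct cert_name sample_nul_cn(void)
{
    struct cert_name n = { SAMPLE_NUL_CN, sizeof(SAMPLE_NUL_CN) - 1 };
    return n;
}

struct cert_name sample_clean_cn(void)
{
    struct cert_name n = { SAMPLE_CLEAN_CN, sizeof(SAMPLE_CLEAN_CN) - 1 };
    return n;
}

static unsigned char ascii_lower(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c + 32) : c;
}

/* Flawed pattern: the length is ignored and the bytes are walked as a C
 * string, so everything after an embedded NUL is silently dropped.
 * (The sample buffers above carry a trailing terminator.) */
int match_cn_cstring(struct cert_name cn, const char *host)
{
    const unsigned char *p = cn.data;
    const unsigned char *h = (const unsigned char *)host;
    while (*p && *h && ascii_lower(*p) == ascii_lower(*h)) {
        p++;
        h++;
    }
    return *p == '\0' && *h == '\0';
}

/* Reject any name that cannot be a DNS hostname: empty, over 253 bytes,
 * or containing NUL, other control bytes, space, DEL or non-ASCII bytes. */
int name_is_wellformed(struct cert_name cn)
{
    size_t i;
    if (cn.data == NULL || cn.len == 0 || cn.len > 253)
        return 0;
    for (i = 0; i < cn.len; i++) {
        if (cn.data[i] <= 0x20 || cn.data[i] >= 0x7f)
            return 0;
    }
    return 1;
}

/* Hardened pattern: validate the bytes, then compare over the full
 * decoded length, so the name checked is the name that was signed. */
int match_cn_checked(struct cert_name cn, const char *host)
{
    size_t i, hlen = strlen(host);
    if (!name_is_wellformed(cn) || cn.len != hlen)
        return 0;
    for (i = 0; i < hlen; i++) {
        if (ascii_lower(cn.data[i]) != ascii_lower((unsigned char)host[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *host = "www.site.example";
    printf("CN with embedded NUL, C-string compare:     %d\n",
           match_cn_cstring(sample_nul_cn(), host));
    printf("CN with embedded NUL, length-aware compare: %d\n",
           match_cn_checked(sample_nul_cn(), host));
    printf("clean CN, length-aware compare:             %d\n",
           match_cn_checked(sample_clean_cn(), host));
    return 0;
}
```
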
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3365
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Linux 2011, Mandriva Linux 2011/X86_64
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

===========================================================
Ubuntu Security Notice USN-810-1            August 04, 2009
nss vulnerabilities
CVE-2009-2404, CVE-2009-2408, CVE-2009-2409
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libnss3-1d                      3.12.3.1-0ubuntu0.8.04.1

Ubuntu 8.10:
  libnss3-1d                      3.12.3.1-0ubuntu0.8.10.1

Ubuntu 9.04:
  libnss3-1d                      3.12.3.1-0ubuntu0.9.04.1

After a standard system upgrade you need to restart any applications that use NSS, such as Firefox, to effect the necessary changes.
Details follow:

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)

Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)

Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)

Updated packages for Ubuntu 8.04 LTS, Ubuntu 8.10 and Ubuntu 9.04 (source archives and amd64, i386, lpia, powerpc and sparc binaries).
VMware Security Advisory

Advisory ID: VMSA-2010-0001
Synopsis: ESX Service Console updates for nss and nspr
Issue date: 2010-01-06
Updated on: 2010-01-06 (initial release of advisory)
CVE numbers: CVE-2009-2409 CVE-2009-2408 CVE-2009-2404 CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382

1. Summary

Update for Service Console packages nss and nspr

2. Relevant releases

VMware ESX 4.0 without patch ESX400-200912403-SG

3. Problem Description

a. Update for Service Console packages nss and nspr

Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.

The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, and CVE-2009-3382 to these issues.

The following table lists what action remediates the vulnerability (column 4) if a solution is available.

VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =======================
VirtualCenter  any       Windows  not affected
hosted *       any       any      not affected
ESXi           any       ESXi     not affected
ESX            4.0       ESX      ESX400-200912403-SG
ESX            3.5       ESX      not affected
ESX            3.0.3     ESX      not affected
ESX            3.0.2     ESX      not affected
ESX            2.5.5     ESX      not affected
vMA            4.0       RHEL5    affected, patch pending

* hosted products are VMware Workstation, Player, ACE, Server, Fusion.

4. Solution

Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.

ESX 4.0
-------
ESX400-200912403-SG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip
md5sum: 78c6cf139b7941dc736c9d3a41deae77
sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59
http://kb.vmware.com/kb/1016293

To install an individual bulletin use esxupdate with the -b option.

    esxupdate --bundle=ESX400-200912001.zip -b ESX400-200912403-SG update

5. References

CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382

6. Change log

2010-01-06 VMSA-2010-0001
Initial security advisory after release of patch ESX400-200912403-SG for ESX 4.0 on 2010-01-06.

7. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk

E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055

VMware Security Center
http://www.vmware.com/security

VMware security response policy
http://www.vmware.com/support/policies/security_response.html

General support life cycle policy
http://www.vmware.com/support/policies/eos.html

VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html

Copyright 2010 VMware Inc. All rights reserved.

TITLE: Network Security Services Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA36093

VERIFY ADVISORY: http://secunia.com/advisories/36093/

DESCRIPTION: Some vulnerabilities have been reported in Network Security Services, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system.

1) An error in the regular expression parser when matching common names in certificates can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted certificate signed by a trusted CA or when a user accepts a specially crafted certificate. Successful exploitation may allow execution of arbitrary code.

2) An error exists in the parsing of certain certificate fields, which can be exploited to e.g. get a client to accept a specially crafted certificate by mistake.

SOLUTION: Update to version 3.12.3 or later.

PROVIDED AND/OR DISCOVERED BY: Red Hat credits:
1) Moxie Marlinspike
2) Dan Kaminsky

ORIGINAL ADVISORY:
https://bugzilla.redhat.com/show_bug.cgi?id=512912
https://bugzilla.redhat.com/show_bug.cgi?id=510251

Trust: 1.71

sources: NVD: CVE-2009-2408 // VULHUB: VHN-39854 // VULMON: CVE-2009-2408 // PACKETSTORM: 83396 // PACKETSTORM: 81877 // PACKETSTORM: 106472 // PACKETSTORM: 80046 // PACKETSTORM: 81228 // PACKETSTORM: 84923 // PACKETSTORM: 79888

AFFECTED PRODUCTS

vendor: suse, model: linux enterprise, scope: eq, version: 11.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 8.10

Trust: 1.0

vendor: mozilla, model: firefox, scope: lt, version: 3.0.13

Trust: 1.0

vendor: opensuse, model: opensuse, scope: gte, version: 10.3

Trust: 1.0

vendor: suse, model: linux enterprise server, scope: eq, version: 9

Trust: 1.0

vendor: opensuse, model: opensuse, scope: lte, version: 11.1

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 9.04

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 5.0

Trust: 1.0

vendor: mozilla, model: thunderbird, scope: lt, version: 2.0.0.23

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 8.04

Trust: 1.0

vendor: mozilla, model: network security services, scope: lt, version: 3.12.3

Trust: 1.0

vendor: mozilla, model: seamonkey, scope: lt, version: 1.1.18

Trust: 1.0

vendor: suse, model: linux enterprise, scope: eq, version: 10.0

Trust: 1.0

sources: NVD: CVE-2009-2408

CVSS

SEVERITY

nvd@nist.gov: CVE-2009-2408
value: MEDIUM

Trust: 1.0

VULHUB: VHN-39854
value: MEDIUM

Trust: 0.1

VULMON: CVE-2009-2408
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2009-2408
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-39854
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2009-2408
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-39854 // VULMON: CVE-2009-2408 // NVD: CVE-2009-2408

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.0

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-39854 // NVD: CVE-2009-2408

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 80046

TYPE

spoof

Trust: 0.2

sources: PACKETSTORM: 83396 // PACKETSTORM: 80547

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-39854

PATCH

title: Red Hat: Critical: nspr and nss security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20091184 - Security Advisory

Trust: 0.1

title: Red Hat: Critical: nspr and nss security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20091190 - Security Advisory

Trust: 0.1

title: Red Hat: Critical: nspr and nss security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20091186 - Security Advisory

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-3490: does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a3458ab50360af35078fed2a21e4aab5

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-2408, CVE-2009-2404, NSS multiple vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8e47693cc5dcee66dbc8301d5b49aa69

Trust: 0.1

title: Ubuntu Security Notice: nss vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-810-1

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-4565: does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e1941bea629cef3047911013314e13b5

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=12cb27014f8e65a04447ce80bf941573

Trust: 0.1

title: Ubuntu Security Notice: nss regression
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-810-3

Trust: 0.1

title: Ubuntu Security Notice: nspr update
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-810-2

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-2474: Improper verification of x590v3 certificate with NUL (zero) byte in certain fields
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=43047ea1634c052fdce5cc7f58bc3575

Trust: 0.1

title: Mozilla: Mozilla Foundation Security Advisory 2009-42
url: https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2009-42

Trust: 0.1

title: Debian Security Advisories: DSA-1874-1 nss -- several vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=feb4d86a23e29847d2ba2d94eec9a4b8

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-2702: KDE KSSL NULL Character Certificate Spoofing Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=dc6876b992c04f3bcad5458e3b065276

Trust: 0.1

title: Debian Security Advisories: DSA-2025-1 icedove -- several vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=cda860d24ce67397ab7470933f246c2b

Trust: 0.1

title: Debian CVElist Bug Report Logs: CVE-2009-2700: QSslCertificate incorrect verification of SSL certificate with NUL in subjectAltName
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=10e59ae69fe7fd45d2232633d744b46a

Trust: 0.1

title: VMware Security Advisories: ESX Service Console and vMA updates for nss and nspr
url: https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories&qid=0bf5287c6fb254fd8418db00b0d9efe5

Trust: 0.1

sources: VULMON: CVE-2009-2408

EXTERNAL IDS

db: NVD, id: CVE-2009-2408

Trust: 1.9

db: SECUNIA, id: 37098

Trust: 1.2

db: SECUNIA, id: 36125

Trust: 1.2

db: SECUNIA, id: 36088

Trust: 1.2

db: SECUNIA, id: 36434

Trust: 1.2

db: SECUNIA, id: 36157

Trust: 1.2

db: SECUNIA, id: 36669

Trust: 1.2

db: SECUNIA, id: 36139

Trust: 1.2

db: OSVDB, id: 56723

Trust: 1.2

db: VUPEN, id: ADV-2009-3184

Trust: 1.1

db: VUPEN, id: ADV-2009-2085

Trust: 1.1

db: SECTRACK, id: 1022632

Trust: 1.1

db: PACKETSTORM, id: 81228

Trust: 0.2

db: PACKETSTORM, id: 81877

Trust: 0.2

db: PACKETSTORM, id: 106472

Trust: 0.2

db: PACKETSTORM, id: 83396

Trust: 0.2

db: BID, id: 35888

Trust: 0.2

db: PACKETSTORM, id: 81880

Trust: 0.1

db: PACKETSTORM, id: 83397

Trust: 0.1

db: PACKETSTORM, id: 80223

Trust: 0.1

db: PACKETSTORM, id: 82183

Trust: 0.1

db: PACKETSTORM, id: 87886

Trust: 0.1

db: CNNVD, id: CNNVD-200907-442

Trust: 0.1

db: VULHUB, id: VHN-39854

Trust: 0.1

db: VUPEN, id: 2009/2085

Trust: 0.1

db: VUPEN, id: 2009/3184

Trust: 0.1

db: VULMON, id: CVE-2009-2408

Trust: 0.1

db: PACKETSTORM, id: 80046

Trust: 0.1

db: PACKETSTORM, id: 84923

Trust: 0.1

db: PACKETSTORM, id: 80547

Trust: 0.1

db: SECUNIA, id: 36093

Trust: 0.1

db: PACKETSTORM, id: 79888

Trust: 0.1

sources: VULHUB: VHN-39854 // VULMON: CVE-2009-2408 // PACKETSTORM: 83396 // PACKETSTORM: 81877 // PACKETSTORM: 106472 // PACKETSTORM: 80046 // PACKETSTORM: 81228 // PACKETSTORM: 84923 // PACKETSTORM: 80547 // PACKETSTORM: 79888 // NVD: CVE-2009-2408

REFERENCES

url:http://www.mozilla.org/security/announce/2009/mfsa2009-42.html

Trust: 1.5

url:https://bugzilla.redhat.com/show_bug.cgi?id=510251

Trust: 1.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1

Trust: 1.2

url:http://www.securitytracker.com/id?1022632

Trust: 1.2

url:http://secunia.com/advisories/36088

Trust: 1.2

url:http://secunia.com/advisories/36125

Trust: 1.2

url:http://secunia.com/advisories/36139

Trust: 1.2

url:http://secunia.com/advisories/36157

Trust: 1.2

url:http://secunia.com/advisories/36434

Trust: 1.2

url:http://secunia.com/advisories/36669

Trust: 1.2

url:http://secunia.com/advisories/37098

Trust: 1.2

url:http://osvdb.org/56723

Trust: 1.2

url:http://www.vupen.com/english/advisories/2009/2085

Trust: 1.2

url:http://www.vupen.com/english/advisories/2009/3184

Trust: 1.2

url:http://www.debian.org/security/2009/dsa-1874

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2009:197

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2009:216

Trust: 1.2

url:http://www.mandriva.com/security/advisories?name=mdvsa-2009:217

Trust: 1.2

url:http://www.redhat.com/support/errata/rhsa-2009-1207.html

Trust: 1.2

url:http://www.redhat.com/support/errata/rhsa-2009-1432.html

Trust: 1.2

url:http://www.novell.com/linux/security/advisories/2009_48_firefox.html

Trust: 1.2

url:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

Trust: 1.2

url:http://www.ubuntu.com/usn/usn-810-1

Trust: 1.2

url:https://usn.ubuntu.com/810-2/

Trust: 1.2

url:http://isc.sans.org/diary.html?storyid=7003

Trust: 1.2

url:http://www.wired.com/threatlevel/2009/07/kaminsky/

Trust: 1.2

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10751

Trust: 1.2

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8458

Trust: 1.2

url:http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h

Trust: 1.1

url:http://marc.info/?l=oss-security&m=125198917018936&w=2

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2408

Trust: 0.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2408

Trust: 0.5

url:http://www.mandriva.com/security/

Trust: 0.5

url:http://www.mandriva.com/security/advisories

Trust: 0.5

url:https://bugs.gentoo.org/show_bug.cgi?id=280615

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-2409

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-2404

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2404

Trust: 0.2

url:http://marc.info/?l=oss-security&m=125198917018936&w=2

Trust: 0.1

url:http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2009:1184

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/810-1/

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=20215

Trust: 0.1

url:https://www.securityfocus.com/bid/35888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3720

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3720

Trust: 0.1

url:https://qa.mandriva.com/53129

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3365

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2702

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3365

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3274

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3382

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3376

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3373

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3373

Trust: 0.1

url:http://www.vmware.com/security

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3274

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3370

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1563

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3372

Trust: 0.1

url:http://kb.vmware.com/kb/1016293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3374

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3375

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:https://hostupdate.vmware.com/software/vum/offline/release-181-20091231-153046/esx400-200912001.zip

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3374

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3380

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3382

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3376

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1563

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3380

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3375

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3372

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3370

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2625

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/36093/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=512912

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-39854 // VULMON: CVE-2009-2408 // PACKETSTORM: 83396 // PACKETSTORM: 81877 // PACKETSTORM: 106472 // PACKETSTORM: 80046 // PACKETSTORM: 81228 // PACKETSTORM: 84923 // PACKETSTORM: 80547 // PACKETSTORM: 79888 // NVD: CVE-2009-2408

CREDITS

Mandriva

Trust: 0.5

sources: PACKETSTORM: 83396 // PACKETSTORM: 81877 // PACKETSTORM: 106472 // PACKETSTORM: 81228 // PACKETSTORM: 80547

SOURCES

db: VULHUB, id: VHN-39854
db: VULMON, id: CVE-2009-2408
db: PACKETSTORM, id: 83396
db: PACKETSTORM, id: 81877
db: PACKETSTORM, id: 106472
db: PACKETSTORM, id: 80046
db: PACKETSTORM, id: 81228
db: PACKETSTORM, id: 84923
db: PACKETSTORM, id: 80547
db: PACKETSTORM, id: 79888
db: NVD, id: CVE-2009-2408

LAST UPDATE DATE

2025-09-26T23:14:34.388000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-39854, date: 2018-10-03T00:00:00
db: VULMON, id: CVE-2009-2408, date: 2018-10-03T00:00:00
db: NVD, id: CVE-2009-2408, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-39854, date: 2009-07-30T00:00:00
db: VULMON, id: CVE-2009-2408, date: 2009-07-30T00:00:00
db: PACKETSTORM, id: 83396, date: 2009-12-03T20:56:14
db: PACKETSTORM, id: 81877, date: 2009-10-08T18:12:38
db: PACKETSTORM, id: 106472, date: 2011-11-01T15:58:59
db: PACKETSTORM, id: 80046, date: 2009-08-06T04:52:04
db: PACKETSTORM, id: 81228, date: 2009-09-11T23:49:04
db: PACKETSTORM, id: 84923, date: 2010-01-07T19:33:17
db: PACKETSTORM, id: 80547, date: 2009-08-24T17:22:35
db: PACKETSTORM, id: 79888, date: 2009-08-04T12:12:18
db: NVD, id: CVE-2009-2408, date: 2009-07-30T19:30:00.313