==========================================================================
Ubuntu Security Notice USN-2087-1
January 23, 2014
nspr vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS
Summary:
NSPR could be made to crash or run programs if it received a specially
crafted certificate.
Software Description:
– nspr: NetScape Portable Runtime Library
Details:
It was discovered that NSPR incorrectly handled certain malformed X.509
certificates. A remote attacker could use a crafted X.509 certificate to
cause NSPR to crash, leading to a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libnspr4 2:4.9.5-1ubuntu1.1
Ubuntu 12.10:
libnspr4 4.9.5-0ubuntu0.12.10.2
Ubuntu 12.04 LTS:
libnspr4 4.9.5-0ubuntu0.12.04.2
Ubuntu 10.04 LTS:
libnspr4-0d 4.9.5-0ubuntu0.10.04.2
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2087-1
CVE-2013-5607
Package Information:
https://launchpad.net/ubuntu/+source/nspr/2:4.9.5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.10.2
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.12.04.2
https://launchpad.net/ubuntu/+source/nspr/4.9.5-0ubuntu0.10.04.2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/
iQIcBAEBCgAGBQJS4UGlAAoJEGVp2FWnRL6TKeYQAKMjfYckdA8fcJG+cu5nXtJq
FKDVJ4fDKjcQP/aCw5x5/0Do8IsLC2Pe2dgbLgIyNY5DLvcQaVM5TtRsfXvA2H2b
RP3HlRVedcoCRh7H5ha+VDR+7kYaGVupKf8kwyDsumt/wYFYKHDGtBJDsiXN79JA
krY7Ghvlr3L2JiALlPHsghSkQC6UwQ32qRBWOP0IT8vWtaX6nrB2l7HNQPxkNrm1
6rEQt/OIaRRbAmrkEnjXd9p0mzC86gcszohYzxXf83HWONMg7SbijLvSdz8LzR1N
zMhU3Rn/aa0H1jJ/d/zD6ftzsnYKzVaavl3Q/Nsmic7kAbNuZp6wmwf5PgR0vGo6
E30KS6vi9qI1FHxnBdtfdTy+MCubDZgHTJmgB6Mnr2ciLJHABLV9rPN49g9BtqNP
mvweiPecGxD6CSHgR1PyrVCY35+jcdNUNdhSCqJR/j4kDnybPa64UCplhpOs8keQ
Kn1i2fuRd8BUgiWIJk8i2EUYn+GPao8FqKAuQ/GOkaHBE/Dr5ogtIJx1V7FUYgKU
v0BdhWW0HoSUaA6/LSd3tEEEs7tpzWV+y0AJ3cfTnt2e2dFJiolo6AK06Pozu9zC
45J1ZpBM5tae0seIpOr5z3GlK9yt1FXRDoNGrz+8TRxEyKSciVP9axP0vs6RWOnt
KcbQSmUwKDjf4xi84DVJ
=vLNM
—–END PGP SIGNATURE—–
—