=========================================================== Ubuntu Security Notice USN-927-7 July 23, 2010 nspr update https://launchpad.net/bugs/599920 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: libnspr4-0d 4.8-0ubuntu0.9.04.1 After a standard system upgrade you need to restart any applications that use NSPR, such as Firefox, to effect the necessary changes. Details follow: USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.9.04.1.diff.gz Size/MD5: 27026 f2398e87d490d3fcec3fb0cf6be4369e http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8-0ubuntu0.9.04.1.dsc Size/MD5: 1538 73ab6665a42a128aae384a57d336b339 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.8.orig.tar.gz Size/MD5: 1170419 e0916a72bcc6c427551ea262183fdb26 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_amd64.deb Size/MD5: 299974 dcd8d5e9686f5f7f99a8857dac45383c http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_amd64.deb Size/MD5: 134790 4b51097d2e6109e840355707e0259def http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_amd64.deb Size/MD5: 275134 8686b65317122f6a424307cd079239b0 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_i386.deb Size/MD5: 290400 1181db3e0a182a85380d0972767fe471 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_i386.deb Size/MD5: 124714 43d66c5b716b96ae8a0d1528b37dd1a5 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_i386.deb Size/MD5: 262838 a75f067e1e5acbe121c2117500b35f9e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_lpia.deb Size/MD5: 294636 70bebd4c6b76ebb9c5142b8562ae17fe http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_lpia.deb Size/MD5: 123022 c353d7e06a660701f9a00f1c486c851c http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_lpia.deb Size/MD5: 258346 68fa5a2fd7b83f14256819eb92a7b320 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 302240 5fdd091450094dd2a98036a45f052042 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 138700 241261a023edac62998bf23af20cb5e2 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 271168 19b21e913ab0c795944b34f52e7851c1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.8-0ubuntu0.9.04.1_sparc.deb Size/MD5: 276302 38b547b2c0124ef1f7d2486ea035f102 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.8-0ubuntu0.9.04.1_sparc.deb Size/MD5: 120370 169c60aa33f026b9cf5f922bac904e47 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.8-0ubuntu0.9.04.1_sparc.deb Size/MD5: 256322 62ba95c7de8f9288f6583e9d35dd7d22