Jump to content
Compatible Support Forums
Sign in to follow this  
news

[Security Announce] [ MDVSA-2010:032 ] rootcerts

Recommended Posts

This is a multi-part message in MIME format...

 

------------=_1265299415-24326-4018

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2010:032

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : rootcerts

Date : February 4, 2010

Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0

_______________________________________________________________________

 

Problem Description:

 

It was brought to our attention by Ludwig Nussel at SUSE the md5

collision certificate should not be included. This update removes

the offending certificate.

 

Packages for 2008.0 are provided for Corporate Desktop 2008.0

customers.

 

The mozilla nss library has consequently been rebuilt to pickup these

changes and are also being provided.

_______________________________________________________________________

 

References:

 

http://www.phreedom.org/research/rogue-ca/

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

c0be9cd2cbe32ecf0cbe9efcc6b48bcf 2008.0/i586/libnss3-3.12.3.1-0.3mdv2008.0.i586.rpm

4c85c05a4963b29efbe93324a73c0119 2008.0/i586/libnss-devel-3.12.3.1-0.3mdv2008.0.i586.rpm

78ea532897f095f3f0d022fb5196b310 2008.0/i586/libnss-static-devel-3.12.3.1-0.3mdv2008.0.i586.rpm

faa1a9f6d4ea0779c50d89b0995eb878 2008.0/i586/nss-3.12.3.1-0.3mdv2008.0.i586.rpm

b97cacbe47f6f4621bdf001c1a52279f 2008.0/i586/rootcerts-20091203.04-1mdv2008.0.i586.rpm

b77f8a14ff4d042fb56df39fcdc8c6b4 2008.0/SRPMS/nss-3.12.3.1-0.3mdv2008.0.src.rpm

fc9bc5da8d92ed59ca9e1116fc1e1066 2008.0/SRPMS/rootcerts-20091203.04-1mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

ac8d7f4bcc518b7b114708e04ef2a81c 2008.0/x86_64/lib64nss3-3.12.3.1-0.3mdv2008.0.x86_64.rpm

7fd80d8e75bc863e8cc156f8eda34c99 2008.0/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2008.0.x86_64.rpm

7e257ca13d9b4e5671e12014f8454fcd 2008.0/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2008.0.x86_64.rpm

2890ad45cde084278e6c1aa41518616f 2008.0/x86_64/nss-3.12.3.1-0.3mdv2008.0.x86_64.rpm

1f4c8926245d72f28ee8f558367cb310 2008.0/x86_64/rootcerts-20091203.04-1mdv2008.0.x86_64.rpm

b77f8a14ff4d042fb56df39fcdc8c6b4 2008.0/SRPMS/nss-3.12.3.1-0.3mdv2008.0.src.rpm

fc9bc5da8d92ed59ca9e1116fc1e1066 2008.0/SRPMS/rootcerts-20091203.04-1mdv2008.0.src.rpm

 

Mandriva Linux 2009.0:

1e7275412d2d4b737a3aa661bb5b0c50 2009.0/i586/libnss3-3.12.3.1-0.3mdv2009.0.i586.rpm

2f253257d1140719dbccf85637373c2b 2009.0/i586/libnss-devel-3.12.3.1-0.3mdv2009.0.i586.rpm

65eca7cfcce65b60e69e95e8ba751621 2009.0/i586/libnss-static-devel-3.12.3.1-0.3mdv2009.0.i586.rpm

fa8c65e3c9907d1a7724b749acd2b665 2009.0/i586/nss-3.12.3.1-0.3mdv2009.0.i586.rpm

67dc4b43b2c5b258673fcd164a9b9c4d 2009.0/i586/rootcerts-20091203.04-1mdv2009.0.i586.rpm

4186a8c454fae03ce21ef73a73e27a4d 2009.0/i586/rootcerts-java-20091203.04-1mdv2009.0.i586.rpm

5b7822e13fb0b95668be13e39158e069 2009.0/SRPMS/nss-3.12.3.1-0.3mdv2009.0.src.rpm

8ba6271c1c615620593cd84e1d173d00 2009.0/SRPMS/rootcerts-20091203.04-1mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

20c00afa062067ab98741c44f319afb1 2009.0/x86_64/lib64nss3-3.12.3.1-0.3mdv2009.0.x86_64.rpm

a4251bc21bf5af1c08509d2bd9c76212 2009.0/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2009.0.x86_64.rpm

81a3bbe448dc979799f6062b3fe0c2c6 2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2009.0.x86_64.rpm

913011d490c5147d3b1ee34ba8be1ab2 2009.0/x86_64/nss-3.12.3.1-0.3mdv2009.0.x86_64.rpm

10e756644972160ea696dddf9c96803f 2009.0/x86_64/rootcerts-20091203.04-1mdv2009.0.x86_64.rpm

d67b2fdc4ed9bfbe87dcd57df0187038 2009.0/x86_64/rootcerts-java-20091203.04-1mdv2009.0.x86_64.rpm

5b7822e13fb0b95668be13e39158e069 2009.0/SRPMS/nss-3.12.3.1-0.3mdv2009.0.src.rpm

8ba6271c1c615620593cd84e1d173d00 2009.0/SRPMS/rootcerts-20091203.04-1mdv2009.0.src.rpm

 

Mandriva Linux 2009.1:

df7500efc910c929ff5ba7746c6dabeb 2009.1/i586/libnss3-3.12.3.1-0.3mdv2009.1.i586.rpm

d3b0b27b327cb504cd4b05777ed55fa8 2009.1/i586/libnss-devel-3.12.3.1-0.3mdv2009.1.i586.rpm

4323ce43b907753870dc288d7f2e640e 2009.1/i586/libnss-static-devel-3.12.3.1-0.3mdv2009.1.i586.rpm

cd365d77dd94c02912d469ce5215beb5 2009.1/i586/nss-3.12.3.1-0.3mdv2009.1.i586.rpm

0570308849f28b09a876d72fc47836e6 2009.1/i586/rootcerts-20091203.04-1mdv2009.1.i586.rpm

2dedbde7d658cf77b302ad9f7b051357 2009.1/i586/rootcerts-java-20091203.04-1mdv2009.1.i586.rpm

1f4f9447cce88026fc67d3dbd2413de3 2009.1/SRPMS/nss-3.12.3.1-0.3mdv2009.1.src.rpm

e6acad2a8a3e795c19a885c9a8e77e30 2009.1/SRPMS/rootcerts-20091203.04-1mdv2009.1.src.rpm

 

Mandriva Linux 2009.1/X86_64:

38948df2bcdfc9b34cadc1b16a0f67a9 2009.1/x86_64/lib64nss3-3.12.3.1-0.3mdv2009.1.x86_64.rpm

e2f6989e17ab71c6d24b29cc543ea7af 2009.1/x86_64/lib64nss-devel-3.12.3.1-0.3mdv2009.1.x86_64.rpm

c7b8d609c5fc1f11bfc5ee743906e288 2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdv2009.1.x86_64.rpm

c221f46ba77caacd158708e3a913d211 2009.1/x86_64/nss-3.12.3.1-0.3mdv2009.1.x86_64.rpm

29a5204bfa28b1cccbf1c071047d2073 2009.1/x86_64/rootcerts-20091203.04-1mdv2009.1.x86_64.rpm

dc7d3c85103609c70b755d9a21938563 2009.1/x86_64/rootcerts-java-20091203.04-1mdv2009.1.x86_64.rpm

1f4f9447cce88026fc67d3dbd2413de3 2009.1/SRPMS/nss-3.12.3.1-0.3mdv2009.1.src.rpm

e6acad2a8a3e795c19a885c9a8e77e30 2009.1/SRPMS/rootcerts-20091203.04-1mdv2009.1.src.rpm

 

Mandriva Linux 2010.0:

2be08ef724b95d7a6e704321e07fa10e 2010.0/i586/libnss3-3.12.4-2.2mdv2010.0.i586.rpm

ed12884eced5f6cd0c508c7f99a1da21 2010.0/i586/libnss-devel-3.12.4-2.2mdv2010.0.i586.rpm

632d90069e3f168a56d1154c9614d907 2010.0/i586/libnss-static-devel-3.12.4-2.2mdv2010.0.i586.rpm

a086ad0e94373ba3c41d14e30adbe9d0 2010.0/i586/nss-3.12.4-2.2mdv2010.0.i586.rpm

e984c6277a2652bce16c386291ca9f14 2010.0/i586/rootcerts-20091203.04-1mdv2010.0.i586.rpm

de701ae417835f8d258ba4920af03ce2 2010.0/i586/rootcerts-java-20091203.04-1mdv2010.0.i586.rpm

c90c11d64a63966caff483436d1369a2 2010.0/SRPMS/nss-3.12.4-2.2mdv2010.0.src.rpm

0366a795cffe41abf644a4d251fd5cd1 2010.0/SRPMS/rootcerts-20091203.04-1mdv2010.0.src.rpm

 

Mandriva Linux 2010.0/X86_64:

0f7bad4f8db6fbc5b46345b616569f82 2010.0/x86_64/lib64nss3-3.12.4-2.2mdv2010.0.x86_64.rpm

a3780118c20d0968b697768078a91140 2010.0/x86_64/lib64nss-devel-3.12.4-2.2mdv2010.0.x86_64.rpm

bd97fde246cfaa89521d1fe519ac504f 2010.0/x86_64/lib64nss-static-devel-3.12.4-2.2mdv2010.0.x86_64.rpm

555dfd2280715adf5ecf878392f412f7 2010.0/x86_64/nss-3.12.4-2.2mdv2010.0.x86_64.rpm

a85ef46a3f7390e525499da8cb517b28 2010.0/x86_64/rootcerts-20091203.04-1mdv2010.0.x86_64.rpm

f10c590d898002ef12a7836a6c946810 2010.0/x86_64/rootcerts-java-20091203.04-1mdv2010.0.x86_64.rpm

c90c11d64a63966caff483436d1369a2 2010.0/SRPMS/nss-3.12.4-2.2mdv2010.0.src.rpm

0366a795cffe41abf644a4d251fd5cd1 2010.0/SRPMS/rootcerts-20091203.04-1mdv2010.0.src.rpm

 

Mandriva Enterprise Server 5:

9fa3e7b43ab7dd6b71e93f7d7a530d9b mes5/i586/libnss3-3.12.3.1-0.3mdvmes5.i586.rpm

17c13b7371d4461e4590f3296b164d01 mes5/i586/libnss-devel-3.12.3.1-0.3mdvmes5.i586.rpm

fa7e5b35446a4b15fee350e4eb6469de mes5/i586/libnss-static-devel-3.12.3.1-0.3mdvmes5.i586.rpm

5d47263f3e2fe1d6eca529fbc41e1a45 mes5/i586/nss-3.12.3.1-0.3mdvmes5.i586.rpm

be3d17c8e3b70b2eea882d145a15ad3c mes5/i586/rootcerts-20091203.04-1mdvmes5.i586.rpm

afb96495ab464ee24a66857b3a81d56b mes5/i586/rootcerts-java-20091203.04-1mdvmes5.i586.rpm

f62814393267a1208020f4d0033dd525 mes5/SRPMS/nss-3.12.3.1-0.3mdvmes5.src.rpm

73ce2343464a93c3bc85b07a8781fd2e mes5/SRPMS/rootcerts-20091203.04-1mdv2010.1.src.rpm

 

Mandriva Enterprise Server 5/X86_64:

9d251b020faa05a233856ccae1ca5e4e mes5/x86_64/lib64nss3-3.12.3.1-0.3mdvmes5.x86_64.rpm

78e80398614e4f7968c9617a3020829a mes5/x86_64/lib64nss-devel-3.12.3.1-0.3mdvmes5.x86_64.rpm

566d190a3eb0a7aa9465ef58eb228b18 mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.3mdvmes5.x86_64.rpm

9ceff03efa5892bfef7032a2261ee136 mes5/x86_64/nss-3.12.3.1-0.3mdvmes5.x86_64.rpm

5d5e4319fdc03572a356934a61879e86 mes5/x86_64/rootcerts-20091203.04-1mdvmes5.x86_64.rpm

84cd50aafe7321078026fb9a82ee2c33 mes5/x86_64/rootcerts-java-20091203.04-1mdvmes5.x86_64.rpm

f62814393267a1208020f4d0033dd525 mes5/SRPMS/nss-3.12.3.1-0.3mdvmes5.src.rpm

73ce2343464a93c3bc85b07a8781fd2e mes5/SRPMS/rootcerts-20091203.04-1mdv2010.1.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFLasA8mqjQ0CJFipgRAvWTAJ9q+4DLAscYRneWfm/GEfwYzIWJngCglu3b

6Ze+ZosQNiAPdmdu0mRM2Pk=

=xf3+

-----END PGP SIGNATURE-----

 

 

------------=_1265299415-24326-4018

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1265299415-24326-4018--

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×