Fraudulent Security Certificates Exploit Closed by Canonical

Multiple Ubuntu operating systems have been affected by this problem

January 15th, 2013 13:04 GMT

On January 14, Canonical published a security notice detailing an NSS vulnerability in its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.

According to Canonical, fraudulent security certificates could have allowed sensitive information to be exposed when accessing the Internet.

It was discovered that two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

For a more detailed description of the security problems, you can visit Canonical's security notification.

Users can fix the security flaws by upgrading to the latest libnss3-1d package specific to their distribution.

After a standard system update, you need to restart any applications using NSS, such as Evolution and Chromium, for the changes to take effect.
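
To see which applications still need that restart, the following added example (not from Canonical's notice or this article) lists processes that still map the pre-upgrade NSS library. It assumes a Linux /proc filesystem, where a shared library replaced on disk shows up in /proc/<pid>/maps tagged "(deleted)"; the function names, sample PIDs and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map the pre-upgrade NSS library.

# stale_nss_maps FILE: true if FILE (/proc/<pid>/maps format) maps a libnss3
# shared object whose on-disk file was replaced, which the kernel tags "(deleted)".
stale_nss_maps() {
    grep -Eq '/libnss3\.so[^ ]* \(deleted\)$' "$1"
}

# list_stale_nss [PROCROOT]: print "pid command" for every process under
# PROCROOT (default /proc) that needs a restart to load the fixed library.
list_stale_nss() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        stale_nss_maps "$maps" 2>/dev/null || continue
        dir=${maps%/maps}
        name=$(cat "$dir/comm" 2>/dev/null) || name='?'
        printf '%s %s\n' "${dir##*/}" "$name"
    done
    return 0
}

# make_sample: build a constructed /proc-like tree (hypothetical PIDs and
# addresses) so the check can be exercised without touching real processes.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/101" "$d/202" "$d/303"
    echo evolution > "$d/101/comm"   # started before the upgrade
    echo '7f10a000-7f23b000 r-xp 00000000 08:01 1311 /usr/lib/libnss3.so.1d (deleted)' > "$d/101/maps"
    echo chromium > "$d/202/comm"    # restarted after the upgrade
    echo '7f55c000-7f68d000 r-xp 00000000 08:01 1422 /usr/lib/libnss3.so.1d' > "$d/202/maps"
    echo bash > "$d/303/comm"        # does not use NSS at all
    echo '7f9e1000-7fa9b000 r-xp 00000000 08:01 2001 /lib/libc-2.15.so' > "$d/303/maps"
    echo "$d"
}

sample=$(make_sample)
list_stale_nss "$sample"    # scans the constructed tree; omit the argument to scan /proc
rm -rf "$sample"
```

On a real system, call `list_stale_nss` with no argument as root so that the maps files of other users' processes are readable.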
