SuSE 11.2 Security Update : Mozilla NSS (SAT Patch Number 8484)

medium Nessus Plugin ID 70937

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes :

The main feature is TLS 1.2 support and its dependent algorithms.

- Support for AES-GCM ciphersuites that use the SHA-256 PRF

- MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs

- Add PK11_CipherFinal macro

- sizeof() used incorrectly

- nssutil_ReadSecmodDB() leaks memory

- Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.

- Deprecate the SSL cipher policy code

- Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1 :

- TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.

- some bugfixes and improvements Changes with version 3.15

- New Functionality

- Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);

- Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.

- Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.

- certutil has been updated to support creating name constraints extensions.

Solution

Apply SAT patch number 8484.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=847708

http://support.novell.com/security/cve/CVE-2013-1739.html

Plugin Details

Severity: Medium

ID: 70937

File Name: suse_11_mozilla-nss-201310-131029.nasl

Version: 1.3

Type: local

Agent: unix

Published: 11/17/2013

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nspr, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:mozilla-nss, p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools, p-cpe:/a:novell:suse_linux:11:libfreebl3, p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/29/2013

Reference Information

CVE: CVE-2013-1739