SuSE 11.2 / 11.3 Security Update : Mozilla NSS (SAT Patch Numbers 8484 / 8485)

medium Nessus Plugin ID 70938

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

Mozilla NSS has been updated to 3.15.2 (bnc#847708), bringing various features and bugfixes:

The main feature is TLS 1.2 support and its dependent algorithms.

- Support for AES-GCM ciphersuites that use the SHA-256 PRF

- MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs

- Add PK11_CipherFinal macro

- sizeof() used incorrectly

- nssutil_ReadSecmodDB() leaks memory

- Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.

- Deprecate the SSL cipher policy code

- Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739)

Changes coming with version 3.15.1:

- TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.

- Some bugfixes and improvements

Changes with version 3.15:

- New Functionality

- Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);

- Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.

- Support for single-operation (i.e., not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.

- certutil has been updated to support creating name constraints extensions.

Solution

Apply SAT patch number 8484 / 8485 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=847708

http://support.novell.com/security/cve/CVE-2013-1739.html

Plugin Details

Severity: Medium

ID: 70938

File Name: suse_11_mozilla-nss-201310-131030.nasl

Version: 1.3

Type: local

Agent: unix

Published: 11/17/2013

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nspr, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:libsoftokn3-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss, p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit, p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools, p-cpe:/a:novell:suse_linux:11:libfreebl3, p-cpe:/a:novell:suse_linux:11:libsoftokn3, p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 10/30/2013

Reference Information

CVE: CVE-2013-1739