Detections
Analytics

OracleVM 3.3 : nss (OVMSA-2014-0014)

high Nessus Plugin ID 79537

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

 - Added nss-vendor.patch to change vendor

 - Update some patches on account of the rebase

 - Resolves: Bug 1099619

 - Backport nss-3.12.6 upstream fix required by Firefox 31

 - Resolves: Bug 1099619

 - Remove two unused patches and apply a needed one that was missed

 - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1

 - Update to nss-3.16.1

 - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1

 - Make pem's derEncodingsMatch function work with encrypted keys

 - Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL

 - Remove unused patches

 - Resolves: Bug 1048713

 - Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL

 - Revoke trust in one mis-issued anssi certificate

 - Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-6.6]

 - Enable patch with fix for deadlock in trust domain lock and object lock

 - Resolves: Bug 1036477 - deadlock in trust domain lock and object lock

 - Disable hw gcm on rhel-5 based build environments where OS lacks support

 - Rollback changes to build nss without softokn until Bug 689919 is approved

 - Cipher suite was run as part of the nss-softokn build

 - Update to NSS_3_15_3_RTM

 - Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741)

 - Using export NSS_DISABLE_HW_GCM=1 to deal with some problemmatic build systems

 - Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so

 - Add s390x and ia64 to the %define multilib_arches list used for defining alt_ckbi

 - Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so

 - Add zero default value to DISABLETEST check and fix the TEST_FAILURES check and reporting

 - Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS

 - Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

 - Add a zero default value to the DISABLETEST and TEST_FAILURES checks

 - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

 - Fix the test for zero failures in the %check section

 - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

 - Restore a mistakenly removed patch

 - Resolves: rhbz#961659 - SQL backend does not reload certificates

 - Rebuild for the pem module to link with freel from nss-softokn-3.14.3-6.el6

 - Related: rhbz#993441 - NSS needs to conform to new FIPS standard.

- Related: rhbz#1010224 - NSS 3.15 breaks SSL in OpenLDAP clients

 - Don't require nss-softokn-fips

 - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard.

- Additional syntax fixes in nss-versus-softoken-test.patch

 - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

 - Fix all.sh test for which application was last build by updating nss-versus-softoken-test.path

 - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

 - Disable the cipher suite already run as part of the nss-softokn build

 - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard.

- Require nss-softokn-fips

 - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard.

Solution

Update the affected nss / nss-sysinit / nss-tools packages.

See Also

http://www.nessus.org/u?7cd372b4

http://www.nessus.org/u?60735f17

Plugin Details

Severity: High

ID: 79537

File Name: oraclevm_OVMSA-2014-0014.nasl

Version: 1.8

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:nss, p-cpe:/a:oracle:vm:nss-sysinit, p-cpe:/a:oracle:vm:nss-tools, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 8/29/2014

Vulnerability Publication Date: 11/18/2013

Reference Information

CVE: CVE-2013-1741, CVE-2013-5605, CVE-2013-5606

BID: 63736, 63737, 63738