Detections
Analytics

OracleVM 3.3 : nss (OVMSA-2015-0073)

medium Nessus Plugin ID 84440

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

nss

 - Added nss-vendor.patch to change vendor

 - Additional NULL initialization.

 - Updated the patch to keep old cipher suite order

 - Resolves: Bug 1224449

 - Rebase to nss-3.19.1

 - Resolves: Bug 1224449

 - On RHEL 6.x keep the TLS version defaults unchanged.

 - Relax the requirement from pkcs11-devel to nss-softokn-freebl-devel to allow same or newer.

 - Require softokn build 22 to ensure runtime compatibility.

 - Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)

 - Update and reeneable nss-646045.patch on account of the rebase

 - Resolves: Bug 1207052 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]

 - Fix shell syntax error in nss/tests/all.sh

 - Resolves: Bug 1207052 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-6.6]

 - Restore a patch that had been mistakenly disabled

 - Resolves: Bug 1207052 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-6.6]

 - Replace expired PayPal test certificate that breaks the build

 - Resolves: Bug 1207052 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-6.6]

 - Rebase to NSS 3.18

 - Resolves: Bug 1200900 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-6.6]

 - Keep the same cipher suite order as we had in NSS_3_15_3_RTM

 - Resolves: Bug 1202488 - openldap-2.4.23-34.el6_5.1.i686 fails after updating nss to nss-3.16.1-4.el6_5.i686

 - Resolves: Bug 1182902 - rhel65 ns-slapd crash, segfault error 4 in libnss3.so in PK11_DoesMechanism at pk11slot.c:1824

nss-util

 - Rebase to nss-3.19.1

 - Resolves: Bug 1224449

 - Resolves: - Bug 1205064 - [RHEL6.6] nss-util 3.18 rebase required for firefox 38 ESR

Solution

Update the affected packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000323.html

Plugin Details

Severity: Medium

ID: 84440

File Name: oraclevm_OVMSA-2015-0073.nasl

Version: 2.4

Type: local

Published: 6/29/2015

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:nss, p-cpe:/a:oracle:vm:nss-sysinit, p-cpe:/a:oracle:vm:nss-tools, p-cpe:/a:oracle:vm:nss-util, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Patch Publication Date: 6/26/2015

Vulnerability Publication Date: 6/26/2015