OracleVM 3.3 : nss (OVMSA-2016-0003)

medium Nessus Plugin ID 87802

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- Added nss-vendor.patch to change vendor

- Prevent TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol

- Resolves: Bug 1289881

Solution

Update the affected nss / nss-sysinit / nss-tools packages.

See Also

http://www.nessus.org/u?14ed3273

Plugin Details

Severity: Medium

ID: 87802

File Name: oraclevm_OVMSA-2016-0003.nasl

Version: 2.4

Type: local

Published: 1/8/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:nss, p-cpe:/a:oracle:vm:nss-sysinit, p-cpe:/a:oracle:vm:nss-tools, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Patch Publication Date: 1/7/2016

Vulnerability Publication Date: 1/7/2016