OracleVM 3.3 : nss (OVMSA-2014-0014)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Added nss-vendor.patch to change vendor

- Update some patches on account of the rebase

- Resolves: Bug 1099619

- Backport nss-3.12.6 upstream fix required by Firefox 31

- Resolves: Bug 1099619

- Remove two unused patches and apply a needed one that
was missed

- Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS
3.16.1

- Update to nss-3.16.1

- Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS
3.16.1

- Make pem's derEncodingsMatch function work with
encrypted keys

- Resolves: Bug 1048713 - [PEM] active FTPS with encrypted
client key ends up with
SSL_ERROR_TOKEN_INSERTION_REMOVAL

- Remove unused patches

- Resolves: Bug 1048713

- Resolves: Bug 1048713 - [PEM] active FTPS with encrypted
client key ends up with
SSL_ERROR_TOKEN_INSERTION_REMOVAL

- Revoke trust in one mis-issued anssi certificate

- Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI
certificate (MFSA 2013-117) [rhel-6.6]

- Enable patch with fix for deadlock in trust domain lock
and object lock

- Resolves: Bug 1036477 - deadlock in trust domain lock
and object lock

- Disable hw gcm on rhel-5 based build environments where
OS lacks support

- Rollback changes to build nss without softokn until Bug
689919 is approved

- Cipher suite was run as part of the nss-softokn build

- Update to NSS_3_15_3_RTM

- Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606
(CVE-2013-1741)

- Using export NSS_DISABLE_HW_GCM=1 to deal with some
problematic build systems

- Resolves: rhbz#1016044 - nss.s390: primary link for
libnssckbi.so must be /usr/lib64/libnssckbi.so

- Add s390x and ia64 to the %define multilib_arches list
used for defining alt_ckbi

- Resolves: rhbz#1016044 - nss.s390: primary link for
libnssckbi.so must be /usr/lib64/libnssckbi.so

- Add zero default value to DISABLETEST check and fix the
TEST_FAILURES check and reporting

- Resolves: rhbz#990631 - file permissions of
pkcs11.txt/secmod.db must be kept when modified by NSS

- Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for
FF 24.x)

- Add a zero default value to the DISABLETEST and
TEST_FAILURES checks

- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1
(for FF 24.x)

- Fix the test for zero failures in the %check section

- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1
(for FF 24.x)

- Restore a mistakenly removed patch

- Resolves: rhbz#961659 - SQL backend does not reload
certificates

- Rebuild for the pem module to link with freel from
nss-softokn-3.14.3-6.el6

- Related: rhbz#993441 - NSS needs to conform to new FIPS
standard.

- Related: rhbz#1010224 - NSS 3.15 breaks SSL in OpenLDAP
clients

- Don't require nss-softokn-fips

- Resolves: rhbz#993441 - NSS needs to conform to new FIPS
standard.

- Additional syntax fixes in
nss-versus-softoken-test.patch

- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1
(for FF 24.x)

- Fix all.sh test for which application was last built by
updating nss-versus-softoken-test.path

- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1
(for FF 24.x)

- Disable the cipher suite already run as part of the
nss-softokn build

- Resolves: rhbz#993441 - NSS needs to conform to new FIPS
standard.

- Require nss-softokn-fips

- Resolves: rhbz#993441 - NSS needs to conform to new FIPS
standard.

See also :

http://www.nessus.org/u?7cd372b4
http://www.nessus.org/u?60735f17

Solution :

Update the affected nss / nss-sysinit / nss-tools packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79537

Bugtraq ID: 63736, 63737, 63738

CVE ID: CVE-2013-1741, CVE-2013-5605, CVE-2013-5606
