OracleVM 3.3 : nss (OVMSA-2014-0082)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

nss

- Added nss-vendor.patch to change vendor

- Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for
Firefox 31.3

- Remove unused indentation pseudo patch

- require nss util 3.16.2.3

- Restore patch for certutil man page

- supply missing options descriptions to the man page

- Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for
Firefox 31.3

- Resolves: Bug 1165003 - Upgrade to NSS 3.16.2.3 for
Firefox 31.3

- Support TLS_FALLBACK_SCSV in tstclnt and ssltap

- Resolves: Bug 1145432 - (CVE-2014-1568)

- Fix pem deadlock caused by previous version of a fix for
a race condition

- Fixes: Bug 1090681

- Add references to bugs filed upstream

- Related: Bug 1090681, Bug 1104300

- Resolves: Bug 1090681 - RHDS 9.1
389-ds-base-1.2.11.15-31 crash in PK11_DoesMechanism

- Replace expired PayPal test certificate that breaks the
build

- Related: Bug 1099619

- Fix defects found by coverity

- Resolves: Bug 1104300

- Backport nss-3.12.6 upstream fix required by Firefox 31

- Resolves: Bug 1099619

nss-util

- Resolves: Bug 1165003 - Upgrade to NSS 3.16.2.3 for
Firefox 31.3

- Fix the required nspr version to be 4.10.6

See also :

http://www.nessus.org/u?b3d548e1

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 80007 ()

Bugtraq ID: 70116
72178

CVE ID: CVE-2014-1568

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now