SuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 7746)

high Nessus Plugin ID 57232

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update updates Mozilla NSS to 3.12.11.

The update marks the compromised DigiNotar Certificate Authority as untrusted

For more information read: MFSA 2011-34

- update to 3.12.10 o root CA changes o filter certain bogus certs (bmo#642815) o fix minor memory leaks o other bugfixes

- update to 3.12.9 o fix minor memory leaks (bmo#619268) o fix crash in nss_cms_decoder_work_data (bmo#607058) o fix crash in certutil (bmo#620908) o handle invalid argument in JPAKE (bmo#609068) o J-PAKE support (API requirement for Firefox >= 4.0b8)

- replaced expired PayPal test certificate (fixing testsuite)

- removed DigiNotar root certifiate from trusted db (bmo#682927) This update also brings the prerequired Mozilla NSPR to version 4.8.9. - update to 4.8.9 - update to 4.8.8 * support IPv6 on Android (bmo#626866) * use AI_ADDRCONFIG for loopback hostnames (bmo#614526) * support SDP sockets (bmo#518078) * support m32r architecture (bmo#635667) * use atomic functions on ARM (bmo#626309) * some other fixes not affecting the Linux platform

Solution

Apply ZYPP patch number 7746.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/

Plugin Details

Severity: High

ID: 57232

File Name: suse_nss-31211-7746.nasl

Version: 1.6

Type: local

Agent: unix

Published: 12/13/2011

Updated: 1/19/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/7/2011

Vulnerability Publication Date: 9/7/2011