OracleVM 3.3 : nss (OVMSA-2014-0014)

High Nessus Plugin ID 79537

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- Added nss-vendor.patch to change vendor

- Update some patches on account of the rebase

- Resolves: Bug 1099619

- Backport nss-3.12.6 upstream fix required by Firefox 31

- Resolves: Bug 1099619

- Remove two unused patches and apply a needed one that was missed

- Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1

- Update to nss-3.16.1

- Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1

- Make pem's derEncodingsMatch function work with encrypted keys

- Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL

- Remove unused patches

- Resolves: Bug 1048713

- Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL

- Revoke trust in one mis-issued ANSSI certificate

- Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-6.6]

- Enable patch with fix for deadlock in trust domain lock and object lock

- Resolves: Bug 1036477 - deadlock in trust domain lock and object lock

- Disable hw gcm on rhel-5 based build environments where OS lacks support

- Rollback changes to build nss without softokn until Bug 689919 is approved

- Cipher suite was run as part of the nss-softokn build

- Update to NSS_3_15_3_RTM

- Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741)

- Using export NSS_DISABLE_HW_GCM=1 to deal with some problematic build systems

- Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so

- Add s390x and ia64 to the %define multilib_arches list used for defining alt_ckbi

- Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so

- Add zero default value to DISABLETEST check and fix the TEST_FAILURES check and reporting

- Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS

- Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

- Add a zero default value to the DISABLETEST and TEST_FAILURES checks

- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

- Fix the test for zero failures in the %check section

- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

- Restore a mistakenly removed patch

- Resolves: rhbz#961659 - SQL backend does not reload certificates

- Rebuild for the pem module to link with freel from nss-softokn-3.14.3-6.el6

- Related: rhbz#993441 - NSS needs to conform to new FIPS standard.

- Related: rhbz#1010224 - NSS 3.15 breaks SSL in OpenLDAP clients

- Don't require nss-softokn-fips

- Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard.

- Additional syntax fixes in nss-versus-softoken-test.patch

- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

- Fix all.sh test for which application was last built by updating nss-versus-softoken-test.path

- Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x)

- Disable the cipher suite already run as part of the nss-softokn build

- Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard.

- Require nss-softokn-fips

- Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard.

Solution

Update the affected nss / nss-sysinit / nss-tools packages.

See Also

http://www.nessus.org/u?7cd372b4

http://www.nessus.org/u?60735f17

Plugin Details

Severity: High

ID: 79537

File Name: oraclevm_OVMSA-2014-0014.nasl

Version: 1.6

Type: local

Published: 2014/11/26

Updated: 2018/07/24

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:nss, p-cpe:/a:oracle:vm:nss-sysinit, p-cpe:/a:oracle:vm:nss-tools, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/08/29

Reference Information

CVE: CVE-2013-1741, CVE-2013-5605, CVE-2013-5606

BID: 63736, 63737, 63738