Detections
Analytics

OracleVM 3.3 : nss (OVMSA-2014-0082)

high Nessus Plugin ID 80007

Language:

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

nss

 - Added nss-vendor.patch to change vendor

 - Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for Firefox 31.3

 - Remove unused indentation pseudo patch

 - require nss util 3.16.2.3

 - Restore patch for certutil man page

 - supply missing options descriptions to the man page

 - Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for Firefox 31.3

 - Resolves: Bug 1165003 - Upgrade to NSS 3.16.2.3 for Firefox 31.3

 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap

 - Resolves: Bug 1145432 - (CVE-2014-1568)

 - Fix pem deadlock caused by previous version of a fix for a race condition

 - Fixes: Bug 1090681

 - Add references to bugs filed upstream

 - Related: Bug 1090681, Bug 1104300

 - Resolves: Bug 1090681 - RHDS 9.1 389-ds-base-1.2.11.15-31 crash in PK11_DoesMechanism

 - Replace expired PayPal test certificate that breaks the build

 - Related: Bug 1099619

 - Fix defects found by coverity

 - Resolves: Bug 1104300

 - Backport nss-3.12.6 upstream fix required by Firefox 31

 - Resolves: Bug 1099619

nss-util

 - Resolves: Bug 1165003 - Upgrade to NSS 3.16.2.3 for Firefox 31.3

 - Fix the required nspr version to be 4.10.6

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?b3d548e1

Plugin Details

Severity: High

ID: 80007

File Name: oraclevm_OVMSA-2014-0082.nasl

Version: 1.8

Type: local

Published: 12/15/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:oracle:vm_server:3.3, p-cpe:/a:oracle:vm:nss-tools, p-cpe:/a:oracle:vm:nss-sysinit, p-cpe:/a:oracle:vm:nss-util, p-cpe:/a:oracle:vm:nss

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/10/2014

Vulnerability Publication Date: 9/25/2014

Reference Information

CVE: CVE-2014-1568

BID: 70116, 72178