Test ID:	1.3.6.1.4.1.25623.1.0.120657
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2016-667)
Summary:	The remote host is missing an update for the 'nss-util' package(s) announced via the ALAS-2016-667 advisory.
Description:	Summary: The remote host is missing an update for the 'nss-util' package(s) announced via the ALAS-2016-667 advisory. Vulnerability Insight: A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. Affected Software/OS: 'nss-util' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1950 http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html BugTraq ID: 84223 http://www.securityfocus.com/bid/84223 Debian Security Information: DSA-3510 (Google Search) http://www.debian.org/security/2016/dsa-3510 Debian Security Information: DSA-3520 (Google Search) http://www.debian.org/security/2016/dsa-3520 Debian Security Information: DSA-3688 (Google Search) http://www.debian.org/security/2016/dsa-3688 https://security.gentoo.org/glsa/201605-06 RedHat Security Advisories: RHSA-2016:0495 http://rhn.redhat.com/errata/RHSA-2016-0495.html http://www.securitytracker.com/id/1035215 SuSE Security Announcement: SUSE-SU-2016:0727 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html SuSE Security Announcement: SUSE-SU-2016:0777 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html SuSE Security Announcement: SUSE-SU-2016:0820 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html SuSE Security Announcement: SUSE-SU-2016:0909 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html SuSE Security Announcement: openSUSE-SU-2016:0731 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html SuSE Security Announcement: openSUSE-SU-2016:0733 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html SuSE Security Announcement: openSUSE-SU-2016:1557 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.ubuntu.com/usn/USN-2917-1 http://www.ubuntu.com/usn/USN-2917-2 http://www.ubuntu.com/usn/USN-2917-3 http://www.ubuntu.com/usn/USN-2924-1 http://www.ubuntu.com/usn/USN-2934-1
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.