 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.123587 |
| Category: | Oracle Linux Local Security Checks |
| Title: | Oracle: Security Advisory (ELSA-2013-1144) |
| Summary: | The remote host is missing an update for the 'nspr, nss, nss-softokn, nss-util' package(s) announced via the ELSA-2013-1144 advisory. |
| Description: | Summary: The remote host is missing an update for the 'nspr, nss, nss-softokn, nss-util' package(s) announced via the ELSA-2013-1144 advisory. Vulnerability Insight: nspr [4.9.5-2] - Update to NSPR_4_9_5_RTM - Resolves: rhbz#927186 - Rebase to nspr-4.9.5 - Add upstream URL for an existing patch per packaging guidelines [4.9.5-1] - Resolves: Rebase to nspr-4.9.5 [4.9.2-1] - Update to nspr-4.9.2 - Related: rhbz#863286 nss [3.14.3-4.0.1.el6_4] - Added nss-vendor.patch to change vendor [3.14.3-4] - Revert to accepting MD5 on digital signatures by default - Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled [3.14.3-3] - Ensure pem uses system freebl as with this update freebl brings in new API's - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue [3.14.3-2] - Install sechash.h and secmodt.h which are now provided by nss-devel - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue - Remove unsafe -r option from commands that remove headers already shipped by nss-util and nss-softoken [3.14.3-1] - Update to NSS_3.14.3_RTM - Resolves: rhbz#927157 - [RFE][RHEL6] Rebase to nss-3.14.3 to fix the lucky-13 issue - Update expired test certificates (fixed in upstream bug 852781) - Sync up pem module's rsawrapr.c with softoken's upstream changes for nss-3.14.3 - Reactivate the aia tests nss-softokn [3.14.3-3] - Add patch to conditionally compile according to old or new sqlite api - new is used on rhel-6 while rhel-5 uses old but we need the same code for both - Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue [3.14.3-2] - Revert to using a code patch for relro support - Related: rhbz#927158 [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#927158 - Rebase to nss-softokn 3.14.3 to fix the lucky-13 issue - Add export LD_LIBRARY_PATH=//usr/lib before the signing commands in __spec_install_post scriplet to ensure signing tool links with in-tree freebl so verification uses same algorithm as in signing - Add %check section to run the upstream crypto reqression test suite as per packaging guidelines - Don't install sechash.h or secmodt.h which as per 3.14 are provided by nss-devel - Update the licence to MPLv2.0 [3.12.9-12] - Bootstrapping of the builroot in preparation for rebase to 3.14.3 - Remove hasht.h from the %files devel list to prevent update conflicts with nss-util - With 3.14.3 hasht.h will be provided by nss-util-devel - Related: rhbz#927158 - rebase nss-softokn to 3.14.3 nss-util [3.14.3-3] - Resolves: rhbz#984967 - nssutil_ReadSecmodDB leaks memory [3.14.3-2] - Revert to accepting MD5 on digital signatures by default - Resolves: rhbz#957603 - nss 3.14 - MD5 hash algorithm disabled [3.14.3-1] - Update to NSS_3_14_3_RTM - Resolves: rhbz#927171 - Rebase to 3.14.3 as part of the fix for the lucky-13 issue Affected Software/OS: 'nspr, nss, nss-softokn, nss-util' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-0791 BugTraq ID: 58826 http://www.securityfocus.com/bid/58826 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150 RedHat Security Advisories: RHSA-2013:1135 http://rhn.redhat.com/errata/RHSA-2013-1135.html RedHat Security Advisories: RHSA-2013:1144 http://rhn.redhat.com/errata/RHSA-2013-1144.html SuSE Security Announcement: SUSE-SU-2013:0645 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html SuSE Security Announcement: SUSE-SU-2013:0850 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html SuSE Security Announcement: openSUSE-SU-2013:0630 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html SuSE Security Announcement: openSUSE-SU-2013:0631 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://www.ubuntu.com/usn/USN-1791-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-1620 BugTraq ID: 57777 http://www.securityfocus.com/bid/57777 BugTraq ID: 64758 http://www.securityfocus.com/bid/64758 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded http://seclists.org/fulldisclosure/2014/Dec/23 http://security.gentoo.org/glsa/glsa-201406-19.xml http://www.isg.rhul.ac.uk/tls/TLStiming.pdf http://openwall.com/lists/oss-security/2013/02/05/24 http://www.ubuntu.com/usn/USN-1763-1 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |