Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871718
Category:Red Hat Local Security Checks
Title:RedHat Update for nss and nss-util RHSA-2016:2779-01
Summary:The remote host is missing an update for the 'nss and nss-util'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'nss and nss-util'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

The nss-util packages provide utilities for use with the Network Security
Services (NSS) libraries.

The following packages have been upgraded to a newer upstream version: nss
(3.12.3), nss-util (3.12.3).

Security Fix(es):

* Multiple buffer handling flaws were found in the way NSS handled
cryptographic data from the network. A remote attacker could use these
flaws to crash an application using NSS or, possibly, execute arbitrary
code with the permission of the user running the application.
(CVE-2016-2834)

* A NULL pointer dereference flaw was found in the way NSS handled invalid
Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL
server using NSS. (CVE-2016-5285)

* It was found that Diffie Hellman Client key exchange handling in NSS was
vulnerable to small subgroup confinement attack. An attacker could use this
flaw to recover private keys by confining the client DH key to small
subgroup of the desired group. (CVE-2016-8635)

Red Hat would like to thank the Mozilla project for reporting
CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red
Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original
reporter of CVE-2016-2834.

Affected Software/OS:
nss and nss-util on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-2834
BugTraq ID: 91072
http://www.securityfocus.com/bid/91072
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
RedHat Security Advisories: RHSA-2016:2779
http://rhn.redhat.com/errata/RHSA-2016-2779.html
http://www.securitytracker.com/id/1036057
SuSE Security Announcement: SUSE-SU-2016:1691 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
SuSE Security Announcement: openSUSE-SU-2016:1552 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
SuSE Security Announcement: openSUSE-SU-2016:1557 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
http://www.ubuntu.com/usn/USN-2993-1
http://www.ubuntu.com/usn/USN-3029-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-5285
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html
http://www.securityfocus.com/bid/94349
http://www.ubuntu.com/usn/USN-3163-1
https://bto.bluecoat.com/security-advisory/sa137
https://security.gentoo.org/glsa/201701-46
Common Vulnerability Exposure (CVE) ID: CVE-2016-8635
BugTraq ID: 94346
http://www.securityfocus.com/bid/94346
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.