Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.882472 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for nss-softokn CESA-2016:0685 centos7 |
Summary: | Check the version of nss-softokn |
Description: | Summary: Check the version of nss-softokn Vulnerability Insight: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ#1299872) Security Fix(es): * A use-after-free flaw was found in the way NSS handled DHE (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978 and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es): * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221) Affected Software/OS: nss-softokn on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-1978 BugTraq ID: 84275 http://www.securityfocus.com/bid/84275 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Debian Security Information: DSA-3688 (Google Search) http://www.debian.org/security/2016/dsa-3688 https://security.gentoo.org/glsa/201605-06 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes RedHat Security Advisories: RHSA-2016:0591 http://rhn.redhat.com/errata/RHSA-2016-0591.html RedHat Security Advisories: RHSA-2016:0684 http://rhn.redhat.com/errata/RHSA-2016-0684.html RedHat Security Advisories: RHSA-2016:0685 http://rhn.redhat.com/errata/RHSA-2016-0685.html http://www.securitytracker.com/id/1035258 SuSE Security Announcement: SUSE-SU-2016:0727 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html SuSE Security Announcement: SUSE-SU-2016:0777 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html SuSE Security Announcement: SUSE-SU-2016:0820 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html SuSE Security Announcement: SUSE-SU-2016:0909 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html http://www.ubuntu.com/usn/USN-2973-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1979 BugTraq ID: 84221 http://www.securityfocus.com/bid/84221 Debian Security Information: DSA-3576 (Google Search) http://www.debian.org/security/2016/dsa-3576 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes http://www.securitytracker.com/id/1035215 SuSE Security Announcement: openSUSE-SU-2016:0731 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html SuSE Security Announcement: openSUSE-SU-2016:0733 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |