Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-8.NASLHistoryJan 13, 2020 - 12:00 a.m.
openSUSE Security Update : mozilla-nspr / mozilla-nss (openSUSE-2020-8)
2020-01-1300:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
28
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.7%
This update for mozilla-nspr, mozilla-nss fixes the following issues :
mozilla-nss was updated to NSS 3.47.1 :
Security issues fixed :
-
CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
-
CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527).
-
CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322).
mozilla-nspr was updated to version 4.23 :
- Whitespace in C files was cleaned up and no longer uses tab characters for indenting.
This update was imported from the SUSE:SLE-15:Update update project.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-8.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(132849);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/01");
script_cve_id(
"CVE-2018-18508",
"CVE-2019-11727",
"CVE-2019-11745",
"CVE-2019-17006"
);
script_name(english:"openSUSE Security Update : mozilla-nspr / mozilla-nss (openSUSE-2020-8)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for mozilla-nspr, mozilla-nss fixes the following issues :
mozilla-nss was updated to NSS 3.47.1 :
Security issues fixed :
- CVE-2019-17006: Added length checks for cryptographic
primitives (bsc#1159819).
- CVE-2019-11745: EncryptUpdate should use maxout, not
block size (bsc#1158527).
- CVE-2019-11727: Fixed vulnerability sign
CertificateVerify with PKCS#1 v1.5 signatures issue
(bsc#1141322).
mozilla-nspr was updated to version 4.23 :
- Whitespace in C files was cleaned up and no longer uses
tab characters for indenting.
This update was imported from the SUSE:SLE-15:Update update project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141322");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158527");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1159819");
script_set_attribute(attribute:"solution", value:
"Update the affected mozilla-nspr / mozilla-nss packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17006");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-hmac");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-hmac-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-hmac");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-hmac-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.1", reference:"libfreebl3-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libfreebl3-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libfreebl3-hmac-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libsoftokn3-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libsoftokn3-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libsoftokn3-hmac-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nspr-4.23-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nspr-debuginfo-4.23-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nspr-debugsource-4.23-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nspr-devel-4.23-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-certs-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-certs-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-debugsource-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-devel-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-sysinit-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-sysinit-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-tools-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mozilla-nss-tools-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libfreebl3-32bit-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libfreebl3-32bit-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libfreebl3-hmac-32bit-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsoftokn3-32bit-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libsoftokn3-hmac-32bit-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.23-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"mozilla-nspr-32bit-debuginfo-4.23-lp151.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"mozilla-nss-32bit-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.47.1-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-debuginfo-3.47.1-lp151.2.9.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-nspr / mozilla-nspr-debuginfo / mozilla-nspr-debugsource / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libfreebl3 | p-cpe:/a:novell:opensuse:libfreebl3 |
| novell | opensuse | libfreebl3-32bit | p-cpe:/a:novell:opensuse:libfreebl3-32bit |
| novell | opensuse | libfreebl3-32bit-debuginfo | p-cpe:/a:novell:opensuse:libfreebl3-32bit-debuginfo |
| novell | opensuse | libfreebl3-debuginfo | p-cpe:/a:novell:opensuse:libfreebl3-debuginfo |
| novell | opensuse | libfreebl3-hmac | p-cpe:/a:novell:opensuse:libfreebl3-hmac |
| novell | opensuse | libfreebl3-hmac-32bit | p-cpe:/a:novell:opensuse:libfreebl3-hmac-32bit |
| novell | opensuse | libsoftokn3 | p-cpe:/a:novell:opensuse:libsoftokn3 |
| novell | opensuse | libsoftokn3-32bit | p-cpe:/a:novell:opensuse:libsoftokn3-32bit |
| novell | opensuse | libsoftokn3-32bit-debuginfo | p-cpe:/a:novell:opensuse:libsoftokn3-32bit-debuginfo |
| novell | opensuse | libsoftokn3-debuginfo | p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006
bugzilla.opensuse.org/show_bug.cgi?id=1141322
bugzilla.opensuse.org/show_bug.cgi?id=1158527
bugzilla.opensuse.org/show_bug.cgi?id=1159819
Related
openvas
openvas
openSUSE: Security Advisory for mozilla-nspr, mozilla-nss (openSUSE-SU-2020:0008-1)
2020-01-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3395-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0088-1)
2021-04-19 00:00:00
suse
suse
Security update for mozilla-nspr, mozilla-nss (moderate)
2020-01-12 00:00:00
Security update for mozilla-nspr, mozilla-nss (important)
2020-06-24 00:00:00
nessus
nessus
ics
ics
Siemens RUGGEDCOM ROX II
2021-02-09 12:00:00
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2019-08-05 00:00:00
nss security update
2019-12-09 00:00:00
nss-softokn security update
2019-12-11 00:00:00
cvelist
cvelist
prion
prion
Design/Logic Flaw
2020-10-22 21:15:00
Design/Logic Flaw
2019-07-23 14:15:00
Buffer overflow
2020-10-22 21:15:00
redhatcve
redhatcve
debiancve
debiancve
ubuntucve
ubuntucve
fedora
fedora
[SECURITY] Fedora 29 Update: nss-3.42.1-1.fc29
2019-02-15 02:39:36
[SECURITY] Fedora 28 Update: nss-3.42.1-1.fc28
2019-03-01 23:11:17
nvd
nvd
ubuntu
ubuntu
NSS vulnerability
2019-02-27 00:00:00
NSS vulnerability
2019-02-27 00:00:00
NSS vulnerability
2020-01-08 00:00:00
osv
osv
nss - security update
2020-01-06 00:00:00
nss - security update
2019-11-25 00:00:00
CVE-2019-11745
2020-01-08 20:15:12
ibm
ibm
cve
cve
redhat
redhat
(RHSA-2019:1951) Moderate: nss and nspr security, bug fix, and enhancement update
2019-07-30 19:33:01
(RHSA-2019:4152) Important: nss-softokn security update
2019-12-10 10:02:18
(RHSA-2019:4114) Important: nss security update
2019-12-09 12:58:06
veracode
veracode
Insecure Certificate Signature Signing
2020-09-21 06:30:08
Denial Of Service (DoS)
2020-08-04 02:02:53
Denial Of Service (DoS)
2019-12-10 00:18:20
debian
debian
[SECURITY] [DLA 2058-1] nss security update
2020-01-06 23:25:44
[SECURITY] [DLA 2008-1] nss security update
2019-11-25 23:15:08
[SECURITY] [DLA 1704-1] nss security update
2019-03-05 03:44:43
symantec
symantec
alpinelinux
alpinelinux
CVE-2019-11745
2020-01-08 20:15:12
gentoo
gentoo
Mozilla Network Security Service: Multiple vulnerabilities
2020-03-16 00:00:00
mageia
mageia
Updated nss packages fix security vulnerability
2019-12-08 21:12:18
centos
centos
nss security update
2019-12-11 17:44:29
nss security update
2019-12-24 15:55:26
nspr, nss security update
2020-11-06 22:01:52
amazon
amazon
Important: nss-util
2023-02-17 00:11:00
Important: nss
2020-01-14 20:03:00
Important: nss-util
2024-02-15 03:52:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-3.0-0474
2022-10-21 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.7%
Related for OPENSUSE-2020-8.NASL