Search...

SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 8924)

2014-03-06T00:00:00

ID SUSE_11_OPENSSL-CERTS-140224.NASL
Type nessus
Reporter Tenable
Modified 2014-03-06T00:00:00

Description

The openssl-certs package was updated to match the certificates contained in the Mozilla NSS 3.15.4 release.

Following changes were done to the list of root CAs :

Added: ACCVRAIZ1.pem (Spain) (all trusts)

Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email signing only)

Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)

Removed: Wells_Fargo_Root_CA.pem If openssl1 is available as a command line tool, also certificate hashes for openssl1 are created. (bnc#860581)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(72856);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/03/06 11:47:45 $");

  script_name(english:"SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 8924)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The openssl-certs package was updated to match the certificates
contained in the Mozilla NSS 3.15.4 release.

Following changes were done to the list of root CAs :

  - Added: ACCVRAIZ1.pem (Spain) (all trusts)

  - Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email
    signing only)

  - Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)

  - Removed: Wells_Fargo_Root_CA.pem If openssl1 is
    available as a command line tool, also certificate
    hashes for openssl1 are created. (bnc#860581)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=860581"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=865080"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8924.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openssl-certs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" &gt;!&lt; cpu && "s390x" &gt;!&lt; cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");


flag = 0;
if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"openssl-certs-1.96-0.4.1")) flag++;
if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"openssl-certs-1.96-0.4.1")) flag++;
if (rpm_check(release:"SLES11", sp:3, reference:"openssl-certs-1.96-0.4.1")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"published": "2014-03-06T00:00:00", "id": "SUSE_11_OPENSSL-CERTS-140224.NASL", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:38", "bulletin": {"enchantments": {}, "published": "2014-03-06T00:00:00", "id": "SUSE_11_OPENSSL-CERTS-140224.NASL", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "cpe": [], "hash": "9a2d9e4de1e190e90b719daa97bd3b825ddbef88fd075103a57c1a4cf46d61b3", "description": "The openssl-certs package was updated to match the certificates contained in the Mozilla NSS 3.15.4 release.\n\nFollowing changes were done to the list of root CAs :\n\n - Added: ACCVRAIZ1.pem (Spain) (all trusts)\n\n - Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email signing only)\n\n - Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)\n\n - Removed: Wells_Fargo_Root_CA.pem If openssl1 is available as a command line tool, also certificate hashes for openssl1 are created. (bnc#860581)", "type": "nessus", "pluginID": "72856", "lastseen": "2016-09-26T17:26:38", "edition": 1, "title": "SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 8924)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72856", "modified": "2014-03-06T00:00:00", "bulletinFamily": "scanner", "viewCount": 1, "cvelist": [], "references": ["https://bugzilla.novell.com/show_bug.cgi?id=865080", "https://bugzilla.novell.com/show_bug.cgi?id=860581"], "naslFamily": "SuSE Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72856);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/03/06 11:47:45 $\");\n\n script_name(english:\"SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 8924)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openssl-certs package was updated to match the certificates\ncontained in the Mozilla NSS 3.15.4 release.\n\nFollowing changes were done to the list of root CAs :\n\n - Added: ACCVRAIZ1.pem (Spain) (all trusts)\n\n - Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email\n signing only)\n\n - Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)\n\n - Removed: Wells_Fargo_Root_CA.pem If openssl1 is\n available as a command line tool, also certificate\n hashes for openssl1 are created. (bnc#860581)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865080\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8924.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"openssl-certs-1.96-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"openssl-certs-1.96-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openssl-certs-1.96-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "63f2036b552a9594b689a2be6f608fb2", "key": "sourceData"}, {"hash": "05b7e755a1306086e15d07a58c222253", "key": "description"}, {"hash": "9bcd1a51ee2a096283fa6a0961566771", "key": "modified"}, {"hash": "9bcd1a51ee2a096283fa6a0961566771", "key": "published"}, {"hash": "7263b99c31dd1455c764b9b1922cb4f2", "key": "pluginID"}, {"hash": "35f5f89e23f253d29c5f587e7fe3a1c0", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "f27017d6a7786ca60fc0f2436f351c12", "key": "title"}, {"hash": "77f5ab22e95eff08f6dab2cefbfed8a9", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "The openssl-certs package was updated to match the certificates contained in the Mozilla NSS 3.15.4 release.\n\nFollowing changes were done to the list of root CAs :\n\n - Added: ACCVRAIZ1.pem (Spain) (all trusts)\n\n - Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email signing only)\n\n - Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)\n\n - Removed: Wells_Fargo_Root_CA.pem If openssl1 is available as a command line tool, also certificate hashes for openssl1 are created. (bnc#860581)", "hash": "d0fed741dc8fd386c486b3a10954d07d3ecc8fa685f5e0f8703719961fa05a2f", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "type": "nessus", "pluginID": "72856", "lastseen": "2017-10-29T13:45:34", "edition": 2, "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:openssl-certs"], "title": "SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 8924)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=72856", "modified": "2014-03-06T00:00:00", "bulletinFamily": "scanner", "viewCount": 1, "cvelist": [], "references": ["https://bugzilla.novell.com/show_bug.cgi?id=865080", "https://bugzilla.novell.com/show_bug.cgi?id=860581"], "naslFamily": "SuSE Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72856);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/03/06 11:47:45 $\");\n\n script_name(english:\"SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 8924)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openssl-certs package was updated to match the certificates\ncontained in the Mozilla NSS 3.15.4 release.\n\nFollowing changes were done to the list of root CAs :\n\n - Added: ACCVRAIZ1.pem (Spain) (all trusts)\n\n - Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email\n signing only)\n\n - Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)\n\n - Removed: Wells_Fargo_Root_CA.pem If openssl1 is\n available as a command line tool, also certificate\n hashes for openssl1 are created. (bnc#860581)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865080\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8924.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"openssl-certs-1.96-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"openssl-certs-1.96-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openssl-certs-1.96-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "96734208234d34e39274fd124e57962e", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "05b7e755a1306086e15d07a58c222253", "key": "description"}, {"hash": "77f5ab22e95eff08f6dab2cefbfed8a9", "key": "href"}, {"hash": "9bcd1a51ee2a096283fa6a0961566771", "key": "modified"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "7263b99c31dd1455c764b9b1922cb4f2", "key": "pluginID"}, {"hash": "9bcd1a51ee2a096283fa6a0961566771", "key": "published"}, {"hash": "35f5f89e23f253d29c5f587e7fe3a1c0", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "63f2036b552a9594b689a2be6f608fb2", "key": "sourceData"}, {"hash": "f27017d6a7786ca60fc0f2436f351c12", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}