SUSE SLED12 / SLES12 Security Update : MozillaFirefox / mozilla-nss (SUSE-SU-2014:1510-1)

2015-05-27T00:00:00
ID SUSE_SU-2014-1510-1.NASL
Type nessus
Reporter Tenable
Modified 2018-11-10T00:00:00

Description

  • update to Firefox 31.2.0 ESR (bnc#900941)

  • MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994, bmo#1011354, bmo#1018916, bmo#1020034, bmo#1023035, bmo#1032208, bmo#1033020, bmo#1034230, bmo#1061214, bmo#1061600, bmo#1064346, bmo#1072044, bmo#1072174) Miscellaneous memory safety hazards (rv:33.0/rv:31.2)

  • MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation

  • MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms

  • MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video

  • MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality

  • MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe

  • MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API

  • SSLv3 is disabled by default. See README.POODLE for more detailed information.

  • disable call home features

  • update to 3.17.2 (bnc#900941) Bugfix release

  • bmo#1049435 - Importing an RSA private key fails if p < q

  • bmo#1057161 - NSS hangs with 100% CPU on invalid EC key

  • bmo#1078669 - certutil crashes when using the --certVersion parameter

  • changes from earlier version of the 3.17 branch: update to 3.17.1 (bnc#897890)

  • MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405) RSA Signature Forgery in NSS

  • Change library's signature algorithm default to SHA256

  • Add support for draft-ietf-tls-downgrade-scsv

  • Add clang-cl support to the NSS build system

  • Implement TLS 1.3 :

  • Part 1. Negotiate TLS 1.3

  • Part 2. Remove deprecated cipher suites andcompression.

  • Add support for little-endian powerpc64 update to 3.17

  • required for Firefox 33 New functionality :

  • When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros

  • SSL_REUSE_SERVER_ECDHE_KEY Notable Changes :

  • The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2014:1510-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(83849);
  script_version("2.8");
  script_cvs_date("Date: 2018/11/10 11:50:02");

  script_cve_id("CVE-2014-1568", "CVE-2014-1574", "CVE-2014-1575", "CVE-2014-1576", "CVE-2014-1577", "CVE-2014-1578", "CVE-2014-1581", "CVE-2014-1583", "CVE-2014-1585", "CVE-2014-1586");
  script_bugtraq_id(70116, 70424, 70425, 70426, 70427, 70428, 70430, 70436, 70439, 70440, 72178);

  script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox / mozilla-nss (SUSE-SU-2014:1510-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - update to Firefox 31.2.0 ESR (bnc#900941)

  - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994,
    bmo#1011354, bmo#1018916, bmo#1020034, bmo#1023035,
    bmo#1032208, bmo#1033020, bmo#1034230, bmo#1061214,
    bmo#1061600, bmo#1064346, bmo#1072044, bmo#1072174)
    Miscellaneous memory safety hazards (rv:33.0/rv:31.2)

  - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow
    during CSS manipulation

  - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio
    memory corruption issues with custom waveforms

  - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds
    write with WebM video

  - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free
    interacting with text directionality

  - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876,
    bmo#1062981) Inconsistent video sharing within iframe

  - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing
    cross-origin objects via the Alarms API

  - SSLv3 is disabled by default. See README.POODLE for more
    detailed information.

  - disable call home features

  - update to 3.17.2 (bnc#900941) Bugfix release

  - bmo#1049435 - Importing an RSA private key fails if p &lt;
    q

  - bmo#1057161 - NSS hangs with 100% CPU on invalid EC key

  - bmo#1078669 - certutil crashes when using the
    --certVersion parameter

  - changes from earlier version of the 3.17 branch: update
    to 3.17.1 (bnc#897890)

  - MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405)
    RSA Signature Forgery in NSS

  - Change library's signature algorithm default to SHA256

  - Add support for draft-ietf-tls-downgrade-scsv

  - Add clang-cl support to the NSS build system

  - Implement TLS 1.3 :

  - Part 1. Negotiate TLS 1.3

  - Part 2. Remove deprecated cipher suites andcompression.

  - Add support for little-endian powerpc64 update to 3.17

  - required for Firefox 33 New functionality :

  - When using ECDHE, the TLS server code may be configured
    to generate a fresh ephemeral ECDH key for each
    handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY
    socket option to PR_FALSE. The
    SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE,
    which means the server's ephemeral ECDH key is reused
    for multiple handshakes. This option does not affect the
    TLS client code, which always generates a fresh
    ephemeral ECDH key for each handshake. New Macros

  - SSL_REUSE_SERVER_ECDHE_KEY Notable Changes :

  - The manual pages for the certutil and pp tools have been
    updated to document the new parameters that had been
    added in NSS 3.16.2.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=897890"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=900941"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1568/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1574/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1575/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1576/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1577/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1578/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1581/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1583/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1585/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-1586/"
  );
  # https://www.suse.com/support/update/announcement/2014/suse-su-20141510-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?789145a1"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2014-81

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2014-81

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2014-81

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-hmac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-hmac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! ereg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" &gt;!&lt; cpu && "s390x" &gt;!&lt; cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! ereg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! ereg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-31.2.0esr-6.4")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-branding-SLE-31-4.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debuginfo-31.2.0esr-6.4")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debugsource-31.2.0esr-6.4")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-translations-31.2.0esr-6.4")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-hmac-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-hmac-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-certs-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-certs-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-debugsource-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-tools-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-tools-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-31.2.0esr-6.4")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-branding-SLE-31-4.1")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-31.2.0esr-6.4")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-debugsource-31.2.0esr-6.4")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"MozillaFirefox-translations-31.2.0esr-6.4")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libfreebl3-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libfreebl3-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libsoftokn3-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"libsoftokn3-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nss-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nss-certs-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nss-debuginfo-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nss-debugsource-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nss-tools-3.17.2-8.2")) flag++;
if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"mozilla-nss-tools-debuginfo-3.17.2-8.2")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / mozilla-nss");
}