Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2016-0584-1.NASL
HistoryFeb 29, 2016 - 12:00 a.m.

SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (SUSE-SU-2016:0584-1) (SLOTH)

2016-02-2900:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues :

Firefox 38.6.1 ESR (bsc#967087)

The following vulnerabilities were fixed :

  • CVE-2016-1523: Fixed denial of service in Graphite 2 library (MFSA 2016-14/bmo#1246093)

Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520)

The following vulnerabilities were fixed :

  • CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632)

  • CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635)

  • CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731)

  • CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature (bsc#959888)

The following improvements were added :

  • bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites

  • Tracking protection is now enabled by default

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:0584-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89021);
  script_version("2.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-7575", "CVE-2016-1523", "CVE-2016-1930", "CVE-2016-1935", "CVE-2016-1938");

  script_name(english:"SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-SLES-for-VMware, mozilla-nss (SUSE-SU-2016:0584-1) (SLOTH)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for MozillaFirefox, MozillaFirefox-branding-SLE,
mozilla-nss fixes the following issues :

Firefox 38.6.1 ESR (bsc#967087)

The following vulnerabilities were fixed :

  - CVE-2016-1523: Fixed denial of service in Graphite 2
    library (MFSA 2016-14/bmo#1246093)

Firefox 38.6.0 ESR + Mozilla NSS 3.20.2. (bsc#963520)

The following vulnerabilities were fixed :

  - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR
    38.6 (bsc#963632)

  - CVE-2016-1935: Buffer overflow in WebGL after out of
    memory allocation (bsc#963635)

  - CVE-2016-1938: Calculations with mp_div and mp_exptmod
    in Network Security Services (NSS) canproduce wrong
    results (bsc#963731)

  - CVE-2015-7575: MD5 signatures accepted within TLS 1.2
    ServerKeyExchange in server signature (bsc#959888)

The following improvements were added :

  - bsc#954447: Mozilla NSS now supports a number of new DHE
    ciphersuites

  - Tracking protection is now enabled by default

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=954447"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=959888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=963520"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=963632"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=963635"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=963731"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=967087"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-7575/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-1523/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-1930/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-1935/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-1938/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20160584-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?63210051"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP2-LTSS :

zypper in -t patch slessp2-mozilla-12419=1

SUSE Linux Enterprise Debuginfo 11-SP2 :

zypper in -t patch dbgsp2-mozilla-12419=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-branding-SLED");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/29");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libfreebl3-32bit-3.20.2-17.5")) flag++;
if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.20.2-17.5")) flag++;
if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libfreebl3-32bit-3.20.2-17.5")) flag++;
if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"mozilla-nss-32bit-3.20.2-17.5")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-38.6.1esr-33.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-branding-SLED-38-15.58")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-translations-38.6.1esr-33.1")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"libfreebl3-3.20.2-17.5")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-3.20.2-17.5")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-devel-3.20.2-17.5")) flag++;
if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-tools-3.20.2-17.5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / MozillaFirefox-branding-SLED / MozillaFirefox-branding-SLES-for-VMware / mozilla-nss");
}
VendorProductVersionCPE
novellsuse_linuxmozillafirefoxp-cpe:/a:novell:suse_linux:mozillafirefox
novellsuse_linuxmozillafirefox-branding-sledp-cpe:/a:novell:suse_linux:mozillafirefox-branding-sled
novellsuse_linuxmozillafirefox-translationsp-cpe:/a:novell:suse_linux:mozillafirefox-translations
novellsuse_linuxlibfreebl3p-cpe:/a:novell:suse_linux:libfreebl3
novellsuse_linuxmozilla-nssp-cpe:/a:novell:suse_linux:mozilla-nss
novellsuse_linuxmozilla-nss-develp-cpe:/a:novell:suse_linux:mozilla-nss-devel
novellsuse_linuxmozilla-nss-toolsp-cpe:/a:novell:suse_linux:mozilla-nss-tools
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

nessus 39
openvas 49
ubuntu 2
debian 6
archlinux 2
suse 5
veracode 3
oraclelinux 4
centos 3
redhat 4
mageia 2
ubuntucve 3
cve 4
prion 4
debiancve 2
mozilla 3
talos 1
ibm 58
lenovo 1
kaspersky 1
amazon 1
f5 1
freebsd 1
nessus
nessus
Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2904-1)
2016-03-09 00:00:00
Debian DSA-3491-1 : icedove - security update (SLOTH)
2016-02-25 00:00:00
openSUSE Security Update : Thunderbird (openSUSE-2016-225) (SLOTH)
2016-02-18 00:00:00
openvas
openvas
Debian Security Advisory DSA 3491-1 (icedove - security update)
2016-03-08 00:00:00
Ubuntu Update for thunderbird USN-2904-1
2016-03-10 00:00:00
Debian Security Advisory DSA 3491-1 (icedove - security update)
2016-03-08 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2016-03-08 00:00:00
Firefox vulnerability
2016-01-08 00:00:00
debian
debian
[SECURITY] [DSA 3491-1] icedove security update
2016-02-24 22:03:08
[SECURITY] [DSA 3457-1] iceweasel security update
2016-01-27 21:00:03
[SECURITY] [DSA 3477-1] iceweasel security update
2016-02-14 11:57:08
archlinux
archlinux
thunderbird: multiple issues
2016-02-21 00:00:00
mbedtls: man-in-the-middle
2016-01-25 00:00:00
suse
suse
Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (important)
2016-02-04 19:11:54
Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (important)
2016-02-04 19:16:05
Security update for xulrunner (important)
2016-02-02 02:14:21
veracode
veracode
Buffer Overflow
2019-05-02 05:24:07
Denial Of Service (DoS)
2019-01-15 09:10:01
Man-in-the-Middle (MitM)
2019-01-15 09:09:31
oraclelinux
oraclelinux
firefox security update
2016-01-27 00:00:00
thunderbird security update
2016-02-18 00:00:00
nss security update
2016-01-07 00:00:00
centos
centos
firefox security update
2016-01-27 13:24:01
thunderbird security update
2016-02-18 17:19:24
gnutls security update
2016-01-07 22:10:02
redhat
redhat
(RHSA-2016:0071) Critical: firefox security update
2016-01-27 00:00:00
(RHSA-2016:0258) Important: thunderbird security update
2016-02-18 00:00:00
(RHSA-2016:0007) Moderate: nss security update
2016-01-07 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerability
2016-01-29 14:02:50
Updated thunderbird packages fix security vulnerability
2016-02-17 22:06:01
ubuntucve
ubuntucve
CVE-2016-1930
2016-01-26 00:00:00
CVE-2016-1935
2016-01-26 00:00:00
CVE-2016-1523
2016-02-08 00:00:00
cve
cve
CVE-2016-1930
2016-01-31 18:59:00
CVE-2016-1523
2016-02-13 02:59:00
CVE-2016-1935
2016-01-31 18:59:00
prion
prion
Memory corruption
2016-01-31 18:59:00
Buffer overflow
2016-01-31 18:59:00
Null pointer dereference
2016-02-13 02:59:00
debiancve
debiancve
CVE-2016-1523
2016-02-13 02:59:00
CVE-2015-7575
2016-01-09 02:59:00
mozilla
mozilla
Vulnerabilities in Graphite 2 — Mozilla
2016-02-11 00:00:00
Buffer overflow in WebGL after out of memory allocation — Mozilla
2016-01-26 00:00:00
MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature — Mozilla
2015-12-22 00:00:00
talos
talos
Libgraphite Context Item Code Execution Vulnerability
2016-02-05 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in IBM Java SDK affect IBM Security Guardium Data Redaction (CVE-2015-7575)
2018-06-16 21:39:33
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Flex System FC5022 16Gb SAN Scalable Switch (CVE-2015-7575)
2019-01-31 02:25:02
Security Bulletin: Vulnerability in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575)
2021-03-08 18:46:02
lenovo
lenovo
Security Losses from Obsolete and Truncated Transcript Hashes (SLOTH)
2016-08-14 00:00:00
kaspersky
kaspersky
KLA10732 Security bypass vulnerability in Mozilla Firefox and Firefox ESR
2015-12-22 00:00:00
amazon
amazon
Medium: gnutls
2016-02-09 13:30:00
f5
f5
K02201365 : SLOTH: TLS 1.2 handshake vulnerability CVE-2015-7575
2016-01-23 00:00:00
freebsd
freebsd
NSS -- MD5 downgrade in TLS 1.2 signatures
2015-12-22 00:00:00
JSON
Related for SUSE_SU-2016-0584-1.NASL
nessus39openvas49ubuntu2debian6archlinux2suse5veracode3oraclelinux4centos3redhat4mageia2ubuntucve3cve4prion4debiancve2mozilla3talos1ibm58lenovo1kaspersky1amazon1f51freebsd1