Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2020-1839-1.NASLHistoryJul 09, 2020 - 12:00 a.m.
SUSE SLES12 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2020:1839-1)
2020-07-0900:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
37
7.4 High
AI Score
Confidence
Low
This update for mozilla-nspr, mozilla-nss fixes the following issues :
mozilla-nss was updated to version 3.53.1
CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032).
CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).
Fixed an issue where Firefox tab was crashing (bsc#1170908).
Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53
_rele ase_notes
mozilla-nspr to version 4.25
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:1839-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(138314);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/01");
script_cve_id("CVE-2019-17006", "CVE-2020-12399", "CVE-2020-12402");
script_name(english:"SUSE SLES12 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2020:1839-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for mozilla-nspr, mozilla-nss fixes the following issues :
mozilla-nss was updated to version 3.53.1
CVE-2020-12402: Fixed a potential side channel attack during RSA key
generation (bsc#1173032).
CVE-2020-12399: Fixed a timing attack on DSA signature generation
(bsc#1171978).
CVE-2019-17006: Added length checks for cryptographic primitives
(bsc#1159819).
Fixed various FIPS issues in libfreebl3 which were causing segfaults
in the test suite of chrony (bsc#1168669).
Fixed an issue where Firefox tab was crashing (bsc#1170908).
Release notes:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53
_rele ase_notes
mozilla-nspr to version 4.25
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159819");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1168669");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1169746");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1170908");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1171978");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1173022");
# https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_rele
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5788f45b");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-17006/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12399/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12402/");
# https://www.suse.com/support/update/announcement/2020/suse-su-20201839-1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?23e75b35");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE OpenStack Cloud Crowbar 9 :
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-1839=1
SUSE OpenStack Cloud Crowbar 8 :
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1839=1
SUSE OpenStack Cloud 9 :
zypper in -t patch SUSE-OpenStack-Cloud-9-2020-1839=1
SUSE OpenStack Cloud 8 :
zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1839=1
SUSE OpenStack Cloud 7 :
zypper in -t patch SUSE-OpenStack-Cloud-7-2020-1839=1
SUSE Linux Enterprise Software Development Kit 12-SP5 :
zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1839=1
SUSE Linux Enterprise Server for SAP 12-SP4 :
zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-1839=1
SUSE Linux Enterprise Server for SAP 12-SP3 :
zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1839=1
SUSE Linux Enterprise Server for SAP 12-SP2 :
zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1839=1
SUSE Linux Enterprise Server 12-SP5 :
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1839=1
SUSE Linux Enterprise Server 12-SP4-LTSS :
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-1839=1
SUSE Linux Enterprise Server 12-SP3-LTSS :
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1839=1
SUSE Linux Enterprise Server 12-SP3-BCL :
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1839=1
SUSE Linux Enterprise Server 12-SP2-LTSS :
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1839=1
SUSE Linux Enterprise Server 12-SP2-BCL :
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1839=1
SUSE Enterprise Storage 5 :
zypper in -t patch SUSE-Storage-5-2020-1839=1
HPE Helion Openstack 8 :
zypper in -t patch HPE-Helion-OpenStack-8-2020-1839=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17006");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/09");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-hmac");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-hmac");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nspr-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(2|3|4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3/4/5", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-hmac-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libfreebl3-hmac-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-hmac-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"libsoftokn3-hmac-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-32bit-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-debuginfo-32bit-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-debuginfo-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-debugsource-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nspr-devel-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-certs-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-certs-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-certs-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-debugsource-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-devel-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-sysinit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-sysinit-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-tools-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"mozilla-nss-tools-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libfreebl3-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libfreebl3-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libfreebl3-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libfreebl3-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libfreebl3-hmac-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libfreebl3-hmac-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoftokn3-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoftokn3-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoftokn3-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoftokn3-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoftokn3-hmac-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"libsoftokn3-hmac-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nspr-32bit-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nspr-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nspr-debuginfo-32bit-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nspr-debuginfo-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nspr-debugsource-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nspr-devel-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-certs-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-certs-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-certs-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-debugsource-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-devel-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-sysinit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-sysinit-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-tools-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"mozilla-nss-tools-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libfreebl3-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libfreebl3-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libfreebl3-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libfreebl3-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libfreebl3-hmac-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libfreebl3-hmac-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libsoftokn3-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libsoftokn3-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libsoftokn3-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libsoftokn3-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libsoftokn3-hmac-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"libsoftokn3-hmac-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nspr-32bit-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nspr-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nspr-debuginfo-32bit-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nspr-debuginfo-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nspr-debugsource-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-certs-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-certs-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-certs-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-debugsource-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-sysinit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-sysinit-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-tools-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"mozilla-nss-tools-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libfreebl3-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libfreebl3-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libfreebl3-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libfreebl3-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libfreebl3-hmac-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libfreebl3-hmac-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libsoftokn3-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libsoftokn3-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libsoftokn3-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libsoftokn3-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libsoftokn3-hmac-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"libsoftokn3-hmac-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nspr-32bit-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nspr-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nspr-debuginfo-32bit-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nspr-debuginfo-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nspr-debugsource-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nspr-devel-4.25-19.15.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-certs-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-certs-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-certs-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-certs-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-debugsource-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-devel-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-sysinit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-sysinit-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-sysinit-debuginfo-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-tools-3.53.1-58.48.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"mozilla-nss-tools-debuginfo-3.53.1-58.48.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-nspr / mozilla-nss");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | libfreebl3 | p-cpe:/a:novell:suse_linux:libfreebl3 |
| novell | suse_linux | libfreebl3-debuginfo | p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo |
| novell | suse_linux | libfreebl3-hmac | p-cpe:/a:novell:suse_linux:libfreebl3-hmac |
| novell | suse_linux | libsoftokn3 | p-cpe:/a:novell:suse_linux:libsoftokn3 |
| novell | suse_linux | libsoftokn3-debuginfo | p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo |
| novell | suse_linux | libsoftokn3-hmac | p-cpe:/a:novell:suse_linux:libsoftokn3-hmac |
| novell | suse_linux | mozilla-nspr | p-cpe:/a:novell:suse_linux:mozilla-nspr |
| novell | suse_linux | mozilla-nspr-debuginfo | p-cpe:/a:novell:suse_linux:mozilla-nspr-debuginfo |
| novell | suse_linux | mozilla-nspr-debugsource | p-cpe:/a:novell:suse_linux:mozilla-nspr-debugsource |
| novell | suse_linux | mozilla-nspr-devel | p-cpe:/a:novell:suse_linux:mozilla-nspr-devel |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402
www.nessus.org/u?23e75b35
www.nessus.org/u?5788f45b
bugzilla.suse.com/show_bug.cgi?id=1159819
bugzilla.suse.com/show_bug.cgi?id=1168669
bugzilla.suse.com/show_bug.cgi?id=1169746
bugzilla.suse.com/show_bug.cgi?id=1170908
bugzilla.suse.com/show_bug.cgi?id=1171978
bugzilla.suse.com/show_bug.cgi?id=1173022
www.suse.com/security/cve/CVE-2019-17006/
www.suse.com/security/cve/CVE-2020-12399/
www.suse.com/security/cve/CVE-2020-12402/
Related
nessus
nessus
Debian DSA-4726-1 : nss - security update
2020-07-20 00:00:00
openSUSE Security Update : mozilla-nspr / mozilla-nss (openSUSE-2020-854)
2020-07-20 00:00:00
Debian DLA-2266-1 : nss security update
2020-07-01 00:00:00
osv
osv
nss - security update
2020-07-17 00:00:00
nss - security update
2020-06-30 00:00:00
Moderate: nss and nspr security, bug fix, and enhancement update
2020-08-03 12:45:28
openvas
openvas
openSUSE: Security Advisory for mozilla-nspr, (openSUSE-SU-2020:0854-1)
2020-06-25 00:00:00
Debian: Security Advisory for nss (DSA-4726-1)
2020-07-19 00:00:00
Debian LTS: Security Advisory for nss (DLA-2266-1)
2020-07-01 00:00:00
debian
debian
[SECURITY] [DSA 4726-1] nss security update
2020-07-17 18:06:14
[SECURITY] [DLA 2266-1] nss security update
2020-06-30 19:21:55
[SECURITY] [DLA 2058-1] nss security update
2020-01-06 23:25:44
suse
suse
Security update for mozilla-nspr, mozilla-nss (important)
2020-06-24 00:00:00
Security update for mozilla-nss (moderate)
2020-07-13 00:00:00
Security update for mozilla-nss (moderate)
2020-07-13 00:00:00
redhat
redhat
(RHSA-2020:3280) Moderate: nss and nspr security, bug fix, and enhancement update
2020-08-03 12:45:28
(RHSA-2021:1026) Moderate: nss-softokn security update
2021-03-30 07:24:03
(RHSA-2021:0758) Moderate: nss-softokn security update
2021-03-09 08:47:28
rocky
rocky
nss and nspr security, bug fix, and enhancement update
2020-08-03 12:45:28
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2020-08-04 00:00:00
nss and nspr security, bug fix, and enhancement update
2020-10-08 00:00:00
almalinux
almalinux
Moderate: nss and nspr security, bug fix, and enhancement update
2020-08-03 12:45:28
ibm
ibm
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
ubuntu
ubuntu
NSS vulnerability
2020-01-08 00:00:00
NSS vulnerability
2020-06-17 00:00:00
NSS vulnerability
2020-07-06 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-08-04 02:02:53
Side-Channel Attack
2020-08-04 02:02:55
Information Disclosure
2020-08-06 21:36:34
symantec
symantec
redhatcve
redhatcve
alpinelinux
alpinelinux
CVE-2020-12399
2020-07-09 15:15:00
CVE-2020-12402
2020-07-09 15:15:00
fedora
fedora
[SECURITY] Fedora 31 Update: nss-3.54.0-1.fc31
2020-08-01 01:18:32
[SECURITY] Fedora 32 Update: nspr-4.26.0-1.fc32
2020-07-19 01:11:46
[SECURITY] Fedora 32 Update: nss-3.54.0-1.fc32
2020-07-19 01:11:47
prion
prion
Buffer overflow
2020-10-22 21:15:00
Design/Logic Flaw
2020-07-09 15:15:00
Design/Logic Flaw
2020-07-09 15:15:00
gentoo
gentoo
Mozilla Network Security Service (NSS): Information disclosure
2020-07-27 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2020-07-26 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-3.0-0474
2022-10-21 00:00:00
amazon
amazon
Medium: nspr, nss-softokn, nss-util
2021-07-08 18:41:00
Medium: nspr, nss-softokn, nss-util, nss
2020-11-09 21:02:00
centos
centos
nspr, nss security update
2020-11-06 22:01:52
mageia
mageia
Updated firefox packages fix security vulnerability
2020-07-05 01:47:21
kaspersky
kaspersky
KLA11793 Multiple vulnerabilities in Mozilla Firefox ESR
2020-06-02 00:00:00
KLA11795 Multiple vulnerabilities in Mozilla Thunderbird
2020-06-02 00:00:00
KLA11792 Multiple vulnerabilities in Mozilla Firefox
2020-06-02 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 68.9 — Mozilla
2020-06-02 00:00:00
Security Vulnerabilities fixed in Thunderbird 68.9.0 — Mozilla
2020-06-02 00:00:00
Security Vulnerabilities fixed in Firefox 77 — Mozilla
2020-06-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package firefox-esr version 68.9.0-alt1
2020-06-03 00:00:00
Security fix for the ALT Linux 10 package thunderbird version 68.9.0-alt1
2020-06-04 00:00:00
Security fix for the ALT Linux 10 package firefox-esr version 78.0.1-alt1
2020-07-04 00:00:00
f5
f5
archlinux
archlinux
[ASA-202006-4] thunderbird: multiple issues
2020-06-06 00:00:00
[ASA-202006-1] firefox: multiple issues
2020-06-02 00:00:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2020-06-04 18:27:58
ics
ics
Siemens RUGGEDCOM ROX II
2021-02-09 12:00:00