Lucene search
RedHat Update for nss, nspr, and nss-util RHSA-2012:1091-01
🗓️ 19 Jul 2012 00:00:00Reported by Copyright (C) 2012 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 24 Views
The remote host is missing an update for the 'nss, nspr, and nss-util' package(s) announced via the referenced advisory. It is advised to upgrade to the updated packages which correct these issues and add these enhancements
Show more
| Reporter | Title | Published | Views | Family All 116 |
|---|---|---|---|---|
| CentOS Update for nspr CESA-2012:1090 centos5 | 30 Jul 201200:00 | – | openvas |
| CentOS Update for nspr CESA-2012:1091 centos6 | 30 Jul 201200:00 | – | openvas |
| Mozilla Firefox Security Advisory (MFSA2012-39) - Linux | 11 Nov 202100:00 | – | openvas |
| Ubuntu: Security Advisory (USN-1540-1) | 17 Aug 201200:00 | – | openvas |
| CentOS Update for nspr CESA-2012:1090 centos5 | 30 Jul 201200:00 | – | openvas |
| RedHat Update for nss and nspr RHSA-2012:1090-01 | 19 Jul 201200:00 | – | openvas |
| RedHat Update for nss and nspr RHSA-2012:1090-01 | 19 Jul 201200:00 | – | openvas |
| RedHat Update for nss, nspr, and nss-util RHSA-2012:1091-01 | 19 Jul 201200:00 | – | openvas |
| Ubuntu Update for nss USN-1540-1 | 17 Aug 201200:00 | – | openvas |
| CentOS Update for nspr CESA-2012:1091 centos6 | 30 Jul 201200:00 | – | openvas |
10
| Source | Link |
|---|---|
| redhat | www.redhat.com/archives/rhsa-announce/2012-July/msg00018.html |
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2012-July/msg00018.html");
script_oid("1.3.6.1.4.1.25623.1.0.870791");
script_version("2024-03-21T05:06:54+0000");
script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
script_tag(name:"creation_date", value:"2012-07-19 10:28:46 +0530 (Thu, 19 Jul 2012)");
script_cve_id("CVE-2012-0441");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_xref(name:"RHSA", value:"2012:1091-01");
script_name("RedHat Update for nss, nspr, and nss-util RHSA-2012:1091-01");
script_tag(name:"summary", value:"The remote host is missing an update for the 'nss, nspr, and nss-util'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2012 Greenbone AG");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_6");
script_tag(name:"affected", value:"nss, nspr, and nss-util on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A flaw was found in the way the ASN.1 (Abstract Syntax Notation One)
decoder in NSS handled zero length items. This flaw could cause the decoder
to incorrectly skip or replace certain items with a default value, or could
cause an application to crash if, for example, it received a
specially-crafted OCSP (Online Certificate Status Protocol) response.
(CVE-2012-0441)
The nspr package has been upgraded to upstream version 4.9.1, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#833762)
The nss-util package has been upgraded to upstream version 3.13.5, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#833763)
The nss package has been upgraded to upstream version 3.13.5, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#834100)
All NSS, NSPR, and nss-util users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements. After
installing this update, applications using NSS, NSPR, or nss-util must be
restarted for this update to take effect.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "RHENT_6")
{
if ((res = isrpmvuln(pkg:"nspr", rpm:"nspr~4.9.1~2.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nspr-debuginfo", rpm:"nspr-debuginfo~4.9.1~2.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nspr-devel", rpm:"nspr-devel~4.9.1~2.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nss", rpm:"nss~3.13.5~1.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nss-debuginfo", rpm:"nss-debuginfo~3.13.5~1.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nss-devel", rpm:"nss-devel~3.13.5~1.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nss-sysinit", rpm:"nss-sysinit~3.13.5~1.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nss-tools", rpm:"nss-tools~3.13.5~1.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nss-util", rpm:"nss-util~3.13.5~1.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nss-util-debuginfo", rpm:"nss-util-debuginfo~3.13.5~1.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"nss-util-devel", rpm:"nss-util-devel~3.13.5~1.el6_3", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo19 Jul 2012 00:00Current
9.7High risk
Vulners AI Score9.7
CVSS25
EPSS0.03581