Lucene search

CentOS Update for nss CESA-2019:4190 centos7

The remote host is missing an update for the 'nss' package(s) announced via the CESA-2019:4190 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Amazon	Important: nss-util	17 Feb 202300:11	–	amazon
Amazon	Important: nss-util	15 Feb 202403:52	–	amazon
Amazon	Important: nss	14 Jan 202020:03	–	amazon
Amazon	Medium: nss-softokn	6 Jan 202023:39	–	amazon
Amazon	Important: nss, nss-softokn, nss-util, nspr	16 Mar 202021:29	–	amazon
IBM Security Bulletins	Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities	17 Jun 202017:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Appliance is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729 and CVE-2019-11745)	8 Jun 202011:24	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)	22 Sep 202123:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729, CVE-2019-11745)	27 Mar 202008:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2019-11729, CVE-2019-11745)	27 May 202008:33	–	ibm

Source	Link
lists	www.lists.centos.org/pipermail/centos-announce/2019-December/035590.html

# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.883157");
  script_version("2025-01-21T05:37:33+0000");
  script_cve_id("CVE-2019-11729", "CVE-2019-11745");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2025-01-21 05:37:33 +0000 (Tue, 21 Jan 2025)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-02-19 17:22:00 +0000 (Fri, 19 Feb 2021)");
  script_tag(name:"creation_date", value:"2020-01-08 11:15:11 +0000 (Wed, 08 Jan 2020)");
  script_name("CentOS Update for nss CESA-2019:4190 centos7");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS7");

  script_xref(name:"CESA", value:"2019:4190");
  script_xref(name:"URL", value:"https://lists.centos.org/pipermail/centos-announce/2019-December/035590.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'nss'
  package(s) announced via the CESA-2019:4190 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

The nss-softokn package provides the Network Security Services Softoken
Cryptographic Module.

The nss-util packages provide utilities for use with the Network Security
Services (NSS) libraries.

Security Fix(es):

  * nss: Out-of-bounds write when passing an output buffer smaller than the
block size to NSC_EncryptUpdate (CVE-2019-11745)

  * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation
fault (CVE-2019-11729)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.");

  script_tag(name:"affected", value:"'nss' package(s) on CentOS 7.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "CentOS7") {

  if(!isnull(res = isrpmvuln(pkg:"nss", rpm:"nss~3.44.0~7.el7_7", rls:"CentOS7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nss-devel", rpm:"nss-devel~3.44.0~7.el7_7", rls:"CentOS7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nss-pkcs11-devel", rpm:"nss-pkcs11-devel~3.44.0~7.el7_7", rls:"CentOS7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nss-sysinit", rpm:"nss-sysinit~3.44.0~7.el7_7", rls:"CentOS7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"nss-tools", rpm:"nss-tools~3.44.0~7.el7_7", rls:"CentOS7"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Jan 2020 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS26.8

CVSS38.8

EPSS0.00631