Debian Security Advisory DSA 3688-1 (nss - security update)

Debian Security Advisory DSA 3688-1 (nss - security update) Several vulnerabilities discovered in NSS, the cryptography library developed by the Mozilla project. Update contains correctness and stability fixes without immediate security impact

Reporter	Title	Published	Views	Family All 2009
IBM Security Bulletins	Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs)	16 Jun 201821:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability with Diffie-Hellman ciphers may affect WebSphere Lombardi Edition and IBM Business Process Manager (CVE-2015-4000)	15 Jun 201807:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Open SSL affect Power Hardware Management Console (CVE-2015-4000)	23 Sep 202101:31	–	ibm
IBM Security Bulletins	Security Bulletin:Multiple Security Vulnerabilities exist in IBM Cognos Insight	24 Feb 202007:27	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM MQ Light (CVE-2015-4000)	15 Jun 201807:03	–	ibm
IBM Security Bulletins	Release of QRadar 7.2.8 Patch 4 (7.2.8.20170224202650) Updated w/Security Bulletins	10 May 201914:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business (CVE-2015-4000)	16 Jun 201821:25	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect Business Process Manager, and bundled products shipped with IBM Cloud Orchestrator	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) and Rational Directory Administrator (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-7575, CVE-2015-4872)	17 Jun 201805:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2015-4000)	16 Jun 201813:11	–	ibm

Source	Link
debian	www.debian.org/security/2016/dsa-3688.html

# OpenVAS Vulnerability Test
# $Id: deb_3688.nasl 6608 2017-07-07 12:05:05Z cfischer $
# Auto-generated from advisory DSA 3688-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#


if(description)
{
    script_id(703688);
    script_version("$Revision: 6608 $");
    script_cve_id("CVE-2015-4000", "CVE-2015-7181", "CVE-2015-7182", "CVE-2015-7575",
                  "CVE-2016-1938", "CVE-2016-1950", "CVE-2016-1978", "CVE-2016-1979",
                  "CVE-2016-2834");
    script_name("Debian Security Advisory DSA 3688-1 (nss - security update)");
    script_tag(name: "last_modification", value: "$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $");
    script_tag(name: "creation_date", value: "2016-10-05 00:00:00 +0200 (Wed, 05 Oct 2016)");
    script_tag(name:"cvss_base", value:"9.3");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
    script_tag(name: "solution_type", value: "VendorFix");
    script_tag(name: "qod_type", value: "package");

    script_xref(name: "URL", value: "http://www.debian.org/security/2016/dsa-3688.html");


    script_category(ACT_GATHER_INFO);

    script_copyright("Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net");
    script_family("Debian Local Security Checks");
    script_dependencies("gather-package-list.nasl");
    script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
    script_tag(name: "affected",  value: "nss on Debian Linux");
    script_tag(name: "insight",   value: "nss is a set of libraries designed
to support cross-platform development of security-enabled client and server
applications.");
    script_tag(name: "solution",  value: "For the stable distribution (jessie),
these problems have been fixed in version 2:3.26-1+debu8u1.

For the unstable distribution (sid), these problems have been fixed in
version 2:3.23-1.

We recommend that you upgrade your nss packages.");
    script_tag(name: "summary",   value: "Several vulnerabilities were discovered
in NSS, the cryptography library developed by the Mozilla project.

CVE-2015-4000 
David Adrian et al. reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Security (TLS).

CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 
Tyson Smith, David Keeler, and Francis Gabriel discovered
heap-based buffer overflows in the ASN.1 DER parser, potentially
leading to arbitrary code execution.

CVE-2015-7575 
Karthikeyan Bhargavan discovered that TLS client implementation
accepted MD5-based signatures for TLS 1.2 connections with forward
secrecy, weakening the intended security strength of TLS
connections.

CVE-2016-1938 
Hanno Boeck discovered that NSS miscomputed the result of integer
division for certain inputs. This could weaken the cryptographic
protections provided by NSS. However, NSS implements RSA-CRT leak
hardening, so RSA private keys are not directly disclosed by this
issue.

CVE-2016-1978 
Eric Rescorla discovered a use-after-free vulnerability in the
implementation of ECDH-based TLS handshakes, with unknown
consequences.

CVE-2016-1979 
Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER
processing, with application-specific impact.

CVE-2016-2834 
Tyson Smith and Jed Davis discovered unspecified memory-safety
bugs in NSS.

In addition, the NSS library did not ignore environment variables in
processes which underwent a SUID/SGID/AT_SECURE transition at process
start. In certain system configurations, this allowed local users to
escalate their privileges.

This update contains further correctness and stability fixes without
immediate security impact.");
    script_tag(name: "vuldetect", value: "This check tests the installed
software version using the apt package manager.");
    exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"libnss3:amd64", ver:"2:3.26-1+debu8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libnss3:i386", ver:"2:3.26-1+debu8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libnss3-1d:amd64", ver:"2:3.26-1+debu8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libnss3-1d:i386", ver:"2:3.26-1+debu8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libnss3-dbg:amd64", ver:"2:3.26-1+debu8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libnss3-dbg:i386", ver:"2:3.26-1+debu8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libnss3-dev", ver:"2:3.26-1+debu8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if ((res = isdpkgvuln(pkg:"libnss3-tools", ver:"2:3.26-1+debu8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}