Ubuntu Local Security Checks : Ubuntu Update for nss USN-3163-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.843006

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for nss USN-3163-1

Resumen: The remote host is missing an update for the 'nss'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'nss'
package(s) announced via the referenced advisory.

Vulnerability Insight:
It was discovered that NSS incorrectly
handled certain invalid Diffie-Hellman keys. A remote attacker could possibly
use this flaw to cause NSS to crash, resulting in a denial of service. This issue
only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5285)

Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client
key exchanges. A remote attacker could possibly use this flaw to perform a
small subgroup confinement attack and recover private keys. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-8635)

Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing
side-channel attacks. A remote attacker could possibly use this flaw to
recover private keys. (CVE-2016-9074)

This update refreshes the NSS package to version 3.26.2 which includes
the latest CA certificate bundle.

Affected Software/OS:
nss on Ubuntu 16.10,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5285
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html
http://rhn.redhat.com/errata/RHSA-2016-2779.html
http://www.securityfocus.com/bid/94349
http://www.ubuntu.com/usn/USN-3163-1
https://bto.bluecoat.com/security-advisory/sa137
https://security.gentoo.org/glsa/201701-46
Common Vulnerability Exposure (CVE) ID: CVE-2016-8635
BugTraq ID: 94346
http://www.securityfocus.com/bid/94346
RedHat Security Advisories: RHSA-2016:2779
Common Vulnerability Exposure (CVE) ID: CVE-2016-9074
BugTraq ID: 94341
http://www.securityfocus.com/bid/94341
Debian Security Information: DSA-3730 (Google Search)
https://www.debian.org/security/2016/dsa-3730
https://security.gentoo.org/glsa/201701-15
http://www.securitytracker.com/id/1037298

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.843006
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for nss USN-3163-1
Resumen:	The remote host is missing an update for the 'nss'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'nss' package(s) announced via the referenced advisory. Vulnerability Insight: It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635) Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074) This update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle. Affected Software/OS: nss on Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5285 http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94349 http://www.ubuntu.com/usn/USN-3163-1 https://bto.bluecoat.com/security-advisory/sa137 https://security.gentoo.org/glsa/201701-46 Common Vulnerability Exposure (CVE) ID: CVE-2016-8635 BugTraq ID: 94346 http://www.securityfocus.com/bid/94346 RedHat Security Advisories: RHSA-2016:2779 Common Vulnerability Exposure (CVE) ID: CVE-2016-9074 BugTraq ID: 94341 http://www.securityfocus.com/bid/94341 Debian Security Information: DSA-3730 (Google Search) https://www.debian.org/security/2016/dsa-3730 https://security.gentoo.org/glsa/201701-15 http://www.securitytracker.com/id/1037298
Copyright	Copyright (C) 2017 Greenbone Networks GmbH