Test Kennung:	1.3.6.1.4.1.25623.1.0.842277
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for nss USN-2672-1
Zusammenfassung:	The remote host is missing an update for the 'nss'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'nss' package(s) announced via the referenced advisory. Vulnerability Insight: Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721) Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730) As a security improvement, this update modifies NSS behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. This update also refreshes the NSS package to version 3.19.2 which includes the latest CA certificate bundle. Affected Software/OS: nss on Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2721 BugTraq ID: 75541 http://www.securityfocus.com/bid/75541 BugTraq ID: 83398 http://www.securityfocus.com/bid/83398 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Debian Security Information: DSA-3324 (Google Search) http://www.debian.org/security/2015/dsa-3324 Debian Security Information: DSA-3336 (Google Search) http://www.debian.org/security/2015/dsa-3336 https://security.gentoo.org/glsa/201512-10 https://security.gentoo.org/glsa/201701-46 https://smacktls.com RedHat Security Advisories: RHSA-2015:1185 http://rhn.redhat.com/errata/RHSA-2015-1185.html RedHat Security Advisories: RHSA-2015:1664 http://rhn.redhat.com/errata/RHSA-2015-1664.html http://www.securitytracker.com/id/1032783 http://www.securitytracker.com/id/1032784 SuSE Security Announcement: SUSE-SU-2015:1268 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html SuSE Security Announcement: SUSE-SU-2015:1269 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html SuSE Security Announcement: SUSE-SU-2015:1449 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html SuSE Security Announcement: openSUSE-SU-2015:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2656-1 http://www.ubuntu.com/usn/USN-2656-2 http://www.ubuntu.com/usn/USN-2672-1 http://www.ubuntu.com/usn/USN-2673-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2730 BugTraq ID: 83399 http://www.securityfocus.com/bid/83399 RedHat Security Advisories: RHSA-2015:1699 http://rhn.redhat.com/errata/RHSA-2015-1699.html
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.