English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2017.1175.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2017:1175-1)
Resumen:The remote host is missing an update for the 'MozillaFirefox, mozilla-nss, mozilla-nspr' package(s) announced via the SUSE-SU-2017:1175-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'MozillaFirefox, mozilla-nss, mozilla-nspr' package(s) announced via the SUSE-SU-2017:1175-1 advisory.

Vulnerability Insight:
Mozilla Firefox was updated to the Firefox ESR release 45.9.
Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes.
Security issues fixed in Firefox (bsc#1035082)
- MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated
code
- MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53,
Firefox ESR 45.9, and Firefox ESR 52.1
- MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during
XSLT processing
- MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT
processing
- MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library
- MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in
Graphite 2
- MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing
in the editor
- MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling
- MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions
- MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection
- MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM
manipulation
- MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel
- MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection
- MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
- MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames
are sent with incorrect data
- MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing
- MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing
application/http-index-format content
- MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing
application/http-index-format content
- MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes
- MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding
- MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState
destructor during XSLT processing
- MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll
events
- MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs:
- Update to NSS 3.29.5:
* MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and
encoder were fixed.
* MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed.
* CVE-2016-9574: Remote DoS during session handshake when using
SessionTicket extention and ECDHE-ECDSA (bsc#1015499).
* requires NSPR >= 4.13.1
- Update to NSS 3.29.3
* enables TLS 1.3 by default
- Fixed a bug in hash computation (and build with GCC 7 which complains
about shifts of boolean values). (bsc#1030071, bmo#1348767)
- Update to NSS 3.28.3
This is a patch release to fix binary compatibility issues.
- Update to NSS 3.28.1
This is a patch release to update the list of root CA certificates.
* The following CA ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'MozillaFirefox, mozilla-nss, mozilla-nspr' package(s) on SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Manager 2.1, SUSE Manager Proxy 2.1, SUSE OpenStack Cloud 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1950
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
BugTraq ID: 84223
http://www.securityfocus.com/bid/84223
Debian Security Information: DSA-3510 (Google Search)
http://www.debian.org/security/2016/dsa-3510
Debian Security Information: DSA-3520 (Google Search)
http://www.debian.org/security/2016/dsa-3520
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
https://security.gentoo.org/glsa/201605-06
RedHat Security Advisories: RHSA-2016:0495
http://rhn.redhat.com/errata/RHSA-2016-0495.html
http://www.securitytracker.com/id/1035215
SuSE Security Announcement: SUSE-SU-2016:0727 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
SuSE Security Announcement: SUSE-SU-2016:0777 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
SuSE Security Announcement: SUSE-SU-2016:0820 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
SuSE Security Announcement: SUSE-SU-2016:0909 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
SuSE Security Announcement: openSUSE-SU-2016:0731 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
SuSE Security Announcement: openSUSE-SU-2016:0733 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
SuSE Security Announcement: openSUSE-SU-2016:1557 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
http://www.ubuntu.com/usn/USN-2917-1
http://www.ubuntu.com/usn/USN-2917-2
http://www.ubuntu.com/usn/USN-2917-3
http://www.ubuntu.com/usn/USN-2924-1
http://www.ubuntu.com/usn/USN-2934-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-2834
BugTraq ID: 91072
http://www.securityfocus.com/bid/91072
RedHat Security Advisories: RHSA-2016:2779
http://rhn.redhat.com/errata/RHSA-2016-2779.html
http://www.securitytracker.com/id/1036057
SuSE Security Announcement: SUSE-SU-2016:1691 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
SuSE Security Announcement: openSUSE-SU-2016:1552 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
http://www.ubuntu.com/usn/USN-2993-1
http://www.ubuntu.com/usn/USN-3029-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-8635
BugTraq ID: 94346
http://www.securityfocus.com/bid/94346
https://security.gentoo.org/glsa/201701-46
Common Vulnerability Exposure (CVE) ID: CVE-2016-9574
Common Vulnerability Exposure (CVE) ID: CVE-2017-5429
BugTraq ID: 97940
http://www.securityfocus.com/bid/97940
Debian Security Information: DSA-3831 (Google Search)
https://www.debian.org/security/2017/dsa-3831
RedHat Security Advisories: RHSA-2017:1104
https://access.redhat.com/errata/RHSA-2017:1104
RedHat Security Advisories: RHSA-2017:1106
https://access.redhat.com/errata/RHSA-2017:1106
RedHat Security Advisories: RHSA-2017:1201
https://access.redhat.com/errata/RHSA-2017:1201
http://www.securitytracker.com/id/1038320
Common Vulnerability Exposure (CVE) ID: CVE-2017-5432
Common Vulnerability Exposure (CVE) ID: CVE-2017-5433
Common Vulnerability Exposure (CVE) ID: CVE-2017-5434
Common Vulnerability Exposure (CVE) ID: CVE-2017-5435
Common Vulnerability Exposure (CVE) ID: CVE-2017-5436
https://security.gentoo.org/glsa/201706-25
Common Vulnerability Exposure (CVE) ID: CVE-2017-5437
Common Vulnerability Exposure (CVE) ID: CVE-2017-5438
Common Vulnerability Exposure (CVE) ID: CVE-2017-5439
BugTraq ID: 103053
http://www.securityfocus.com/bid/103053
Common Vulnerability Exposure (CVE) ID: CVE-2017-5440
Common Vulnerability Exposure (CVE) ID: CVE-2017-5441
Common Vulnerability Exposure (CVE) ID: CVE-2017-5442
Common Vulnerability Exposure (CVE) ID: CVE-2017-5443
Common Vulnerability Exposure (CVE) ID: CVE-2017-5444
Common Vulnerability Exposure (CVE) ID: CVE-2017-5445
Common Vulnerability Exposure (CVE) ID: CVE-2017-5446
Common Vulnerability Exposure (CVE) ID: CVE-2017-5447
https://www.exploit-db.com/exploits/42071/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5448
Common Vulnerability Exposure (CVE) ID: CVE-2017-5459
Common Vulnerability Exposure (CVE) ID: CVE-2017-5460
Common Vulnerability Exposure (CVE) ID: CVE-2017-5461
BugTraq ID: 98050
http://www.securityfocus.com/bid/98050
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461
https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461
http://www.debian.org/security/2017/dsa-3831
Debian Security Information: DSA-3872 (Google Search)
http://www.debian.org/security/2017/dsa-3872
https://security.gentoo.org/glsa/201705-04
https://www.oracle.com//security-alerts/cpujul2021.html
RedHat Security Advisories: RHSA-2017:1100
https://access.redhat.com/errata/RHSA-2017:1100
RedHat Security Advisories: RHSA-2017:1101
https://access.redhat.com/errata/RHSA-2017:1101
RedHat Security Advisories: RHSA-2017:1102
https://access.redhat.com/errata/RHSA-2017:1102
RedHat Security Advisories: RHSA-2017:1103
https://access.redhat.com/errata/RHSA-2017:1103
Common Vulnerability Exposure (CVE) ID: CVE-2017-5462
https://www.debian.org/security/2017/dsa-3872
Common Vulnerability Exposure (CVE) ID: CVE-2017-5464
Common Vulnerability Exposure (CVE) ID: CVE-2017-5465
https://www.exploit-db.com/exploits/42072/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5469
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.