 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.882018 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for nss CESA-2014:1073 centos7 |
| Summary: | The remote host is missing an update for the 'nss'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'nss' package(s) announced via the referenced advisory. Vulnerability Insight: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions. (BZ#1124659) Users of NSS are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS must be restarted for this update to take effect. Affected Software/OS: nss on CentOS 7 Solution: Please install the updated packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1492 BugTraq ID: 66356 http://www.securityfocus.com/bid/66356 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded Debian Security Information: DSA-2994 (Google Search) http://www.debian.org/security/2014/dsa-2994 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://seclists.org/fulldisclosure/2014/Dec/23 https://security.gentoo.org/glsa/201504-01 http://secunia.com/advisories/59866 http://secunia.com/advisories/60621 http://secunia.com/advisories/60794 SuSE Security Announcement: SUSE-SU-2014:0665 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html SuSE Security Announcement: SUSE-SU-2014:0727 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html SuSE Security Announcement: openSUSE-SU-2014:0599 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html SuSE Security Announcement: openSUSE-SU-2014:0629 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http://www.ubuntu.com/usn/USN-2159-1 http://www.ubuntu.com/usn/USN-2185-1 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |