Fedora 16 : firefox-9.0-3.fc16 / nss-3.13.1-9.fc16 / nss-softokn-3.13.1-14.fc16 / etc (2011-17400)

medium Nessus Plugin ID 57389

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The latest versions of Firefox and Thunderbird have the following changes :

- Added Type Inference, significantly improving JavaScript performance

- Added support for querying Do Not Track status via JavaScript

- Added support for font-stretch

- Improved support for text-overflow

- Improved standards support for HTML5, MathML, and CSS

- Fixed several stability issues

- Fixed several security issues

Update nss to 3.13.1

You can find the new features and bug fixes in NSS 3.13 and 3.13.1 with these Bugzilla queries :

https://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.13&product=NSS

and

https://bugzilla.mozilla.org/buglist.cgi?list_id=1496878&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.13.1&product=NSS

Notable changes include :

1. SSL 2.0 is disabled by default.

2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.

3. SHA-224 is supported.

4. Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code.

5. Added NSS_GetVersion to return the NSS version string.

6. Added experimental support of RSA-PSS to the softoken only (contributed by Hanno Bock, http://rsapss.hboeck.de/).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://rsapss.hboeck.de/

http://www.nessus.org/u?c50d6ac0

http://www.nessus.org/u?132ae2a7

http://www.nessus.org/u?1fa18268

http://www.nessus.org/u?92f4593c

http://www.nessus.org/u?a6791be1

http://www.nessus.org/u?05d0db8f

http://www.nessus.org/u?b974e724

http://www.nessus.org/u?af682fa6

http://www.nessus.org/u?01c5fc18

Plugin Details

Severity: Medium

ID: 57389

File Name: fedora_2011-17400.nasl

Version: 1.18

Type: local

Agent: unix

Published: 2011/12/23

Updated: 2021/1/11

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:firefox, p-cpe:/a:fedoraproject:fedora:nss, p-cpe:/a:fedoraproject:fedora:nss-softokn, p-cpe:/a:fedoraproject:fedora:nss-util, p-cpe:/a:fedoraproject:fedora:thunderbird, p-cpe:/a:fedoraproject:fedora:thunderbird-lightning, p-cpe:/a:fedoraproject:fedora:xulrunner, cpe:/o:fedoraproject:fedora:16

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/12/23

Reference Information

BID: 51133, 51134, 51135, 51136, 51137, 51138, 51139

FEDORA: 2011-17400