 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.871803 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Update for nss and nss-util RHSA-2017:1100-01 |
| Resumen: | The remote host is missing an update for the 'nss and nss-util'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'nss and nss-util' package(s) announced via the referenced advisory. Vulnerability Insight: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.28.4), nss-util (3.28.4). Security Fix(es): * An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter. Affected Software/OS: nss and nss-util on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-5461 BugTraq ID: 98050 http://www.securityfocus.com/bid/98050 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://bugzilla.mozilla.org/show_bug.cgi?id=1344380 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461 Debian Security Information: DSA-3831 (Google Search) http://www.debian.org/security/2017/dsa-3831 Debian Security Information: DSA-3872 (Google Search) http://www.debian.org/security/2017/dsa-3872 https://security.gentoo.org/glsa/201705-04 https://www.oracle.com//security-alerts/cpujul2021.html RedHat Security Advisories: RHSA-2017:1100 https://access.redhat.com/errata/RHSA-2017:1100 RedHat Security Advisories: RHSA-2017:1101 https://access.redhat.com/errata/RHSA-2017:1101 RedHat Security Advisories: RHSA-2017:1102 https://access.redhat.com/errata/RHSA-2017:1102 RedHat Security Advisories: RHSA-2017:1103 https://access.redhat.com/errata/RHSA-2017:1103 http://www.securitytracker.com/id/1038320 |
| Copyright | Copyright (C) 2017 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |