ID de Prueba:	1.3.6.1.4.1.25623.1.0.882698
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for nss CESA-2017:1100 centos7
Resumen:	Check the version of nss
Descripción:	Summary: Check the version of nss Vulnerability Insight: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.28.4), nss-util (3.28.4). Security Fix(es): * An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter. Affected Software/OS: nss on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5461 BugTraq ID: 98050 http://www.securityfocus.com/bid/98050 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://bugzilla.mozilla.org/show_bug.cgi?id=1344380 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461 Debian Security Information: DSA-3831 (Google Search) http://www.debian.org/security/2017/dsa-3831 Debian Security Information: DSA-3872 (Google Search) http://www.debian.org/security/2017/dsa-3872 https://security.gentoo.org/glsa/201705-04 https://www.oracle.com//security-alerts/cpujul2021.html RedHat Security Advisories: RHSA-2017:1100 https://access.redhat.com/errata/RHSA-2017:1100 RedHat Security Advisories: RHSA-2017:1101 https://access.redhat.com/errata/RHSA-2017:1101 RedHat Security Advisories: RHSA-2017:1102 https://access.redhat.com/errata/RHSA-2017:1102 RedHat Security Advisories: RHSA-2017:1103 https://access.redhat.com/errata/RHSA-2017:1103 http://www.securitytracker.com/id/1038320
Copyright	Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.