Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Update for nss and nss-util RHSA-2017:1100-01
Summary:The remote host is missing an update for the 'nss and nss-util'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'nss and nss-util'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Network Security Services (NSS) is a set
of libraries designed to support the cross-platform development of
security-enabled client and server applications.

The nss-util packages provide utilities for use with the Network Security
Services (NSS) libraries.

The following packages have been upgraded to a newer upstream version: nss
(3.28.4), nss-util (3.28.4).

Security Fix(es):

* An out-of-bounds write flaw was found in the way NSS performed certain
Base64-decoding operations. An attacker could use this flaw to create a
specially crafted certificate which, when parsed by NSS, could cause it to
crash or execute arbitrary code, using the permissions of the user running
an application compiled against the NSS library. (CVE-2017-5461)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Ronald Crane as the original reporter.

Affected Software/OS:
nss and nss-util on
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-5461
BugTraq ID: 98050
Debian Security Information: DSA-3831 (Google Search)
Debian Security Information: DSA-3872 (Google Search)
RedHat Security Advisories: RHSA-2017:1100
RedHat Security Advisories: RHSA-2017:1101
RedHat Security Advisories: RHSA-2017:1102
RedHat Security Advisories: RHSA-2017:1103
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.