|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for nss and nss-util RHSA-2017:1100-01|
|Summary:||The remote host is missing an update for the 'nss and nss-util'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'nss and nss-util'
package(s) announced via the referenced advisory.
Network Security Services (NSS) is a set
of libraries designed to support the cross-platform development of
security-enabled client and server applications.
The nss-util packages provide utilities for use with the Network Security
Services (NSS) libraries.
The following packages have been upgraded to a newer upstream version: nss
(3.28.4), nss-util (3.28.4).
* An out-of-bounds write flaw was found in the way NSS performed certain
Base64-decoding operations. An attacker could use this flaw to create a
specially crafted certificate which, when parsed by NSS, could cause it to
crash or execute arbitrary code, using the permissions of the user running
an application compiled against the NSS library. (CVE-2017-5461)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Ronald Crane as the original reporter.
nss and nss-util on
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-5461|
BugTraq ID: 98050
Debian Security Information: DSA-3831 (Google Search)
Debian Security Information: DSA-3872 (Google Search)
RedHat Security Advisories: RHSA-2017:1100
RedHat Security Advisories: RHSA-2017:1101
RedHat Security Advisories: RHSA-2017:1102
RedHat Security Advisories: RHSA-2017:1103
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.