nss-3.28.4-12.el7
Errata ID: AXSA:2017-2308:05
Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.
Security Fix(es):
* A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)
Asianux would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Martin Thomson as the original reporter.
CVE-2017-7805
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
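The stale-pointer pattern described above, reduced to a simplified model in C. This is an added example, not NSS code or code from this advisory; the `transcript` and `span` types and all function names are hypothetical. It keeps an offset into the growable transcript buffer instead of a raw pointer, so the reference stays valid after the buffer is reallocated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a growable handshake transcript; hypothetical names. */
typedef struct { unsigned char *buf; size_t len, cap; } transcript;
typedef struct { size_t off, n; } span;   /* offset-based reference */

/* Append one handshake message; realloc() may move the whole buffer. */
static int transcript_append(transcript *t, const void *msg, size_t n) {
    if (n == 0) return 0;
    if (n > SIZE_MAX / 2 - t->len) return -1;   /* keeps doubling overflow-free */
    if (n > t->cap - t->len) {
        size_t ncap = t->cap ? t->cap : 16;
        while (ncap - t->len < n) ncap *= 2;
        unsigned char *p = realloc(t->buf, ncap);
        if (!p) return -1;
        t->buf = p;      /* raw pointers into the old block are now dangling */
        t->cap = ncap;
    }
    memcpy(t->buf + t->len, msg, n);
    t->len += n;
    return 0;
}

/* Flawed pattern (comment only, never executed): a raw pointer kept across
 *     saved = t->buf + off;  transcript_append(t, more, n);  hash(saved, len);
 * reads freed memory once realloc() moves the buffer. Hardened pattern:
 * keep an offset, resolve it against the current base at use, bounds-check. */
static const unsigned char *transcript_resolve(const transcript *t, span s) {
    if (s.off > t->len || s.n > t->len - s.off) return NULL;
    return t->buf + s.off;
}

/* Constructed demo: reference a message, force growth, read it back. */
static int demo(void) {
    transcript t = {0};
    unsigned char big[4096] = {0};
    span s = { 0, 12 };                     /* refers to the first message */
    int ok = 0;
    if (transcript_append(&t, "ClientHello!", 12) == 0 &&
        transcript_append(&t, big, sizeof big) == 0) {   /* forces growth */
        const unsigned char *p = transcript_resolve(&t, s);
        ok = p != NULL && memcmp(p, "ClientHello!", 12) == 0;
    }
    free(t.buf);
    return ok;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```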
N/A
SRPMS
- nss-3.28.4-12.el7.src.rpm
MD5: d44bd5814e4dd8d5c46fb98f751b7b30
SHA-256: cd60bbc556eea8d8cd60e2616953a254ef3afa25f0cd7a8d36bbab20cfa73971
Size: 7.29 MB
Asianux Server 7 for x86_64
- nss-3.28.4-12.el7.x86_64.rpm
MD5: 1ca2be43a8d4fccc0d56e37e36c2cedc
SHA-256: f07a6114110554d427e8e07688b22b1f151b588d90386290fa55894ec3dd5c6f
Size: 847.64 kB
- nss-devel-3.28.4-12.el7.x86_64.rpm
MD5: 8bce5dd933d98a05e9331033c5862e56
SHA-256: 7a40366a21a253643b0e29658e2af6cd9f1c5de4bf1301854f63bc2f3f03e7ae
Size: 217.54 kB
- nss-sysinit-3.28.4-12.el7.x86_64.rpm
MD5: 06585f958427d14f2d9b6fd10bae60a5
SHA-256: caf5b1d400751d04ad66be32d54b853a4757f16685cf2fad4cabb46b48bfbc3c
Size: 58.90 kB
- nss-tools-3.28.4-12.el7.x86_64.rpm
MD5: 514ce7a7992ec3ff03ad47a9c00d6dc0
SHA-256: 7e084d35d37c0589b6b36d4ca59c99a99eff75e098449f6038704ed2350c5abf
Size: 498.70 kB
- nss-3.28.4-12.el7.i686.rpm
MD5: cbc4c5cd79471872f7bcd802b07ddd15
SHA-256: 6cede888df87c9ebb78afec7f2617bdd9c51cafa2391f5ed2493e7b862c8b4d2
Size: 843.61 kB
- nss-devel-3.28.4-12.el7.i686.rpm
MD5: 3aaa5a8b8cc0c1e0b63b9f69bccf81e4
SHA-256: 529238c2c1e1baba97a6eedb06b029fbd8f0c39b455d1fcc3615f7fe04caf9d5
Size: 218.98 kB