nss-3.28.4-12.el7

エラータID: AXSA:2017-2308:05

Release date: 
Monday, October 9, 2017 - 23:16
Subject: 
nss-3.28.4-12.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.

Security Fix(es):

* A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)

Asianux would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Martin Thomson as the original reporter.

CVE-2017-7805
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2017-7805
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Additional Info: 

N/A

Download: 

SRPMS
  1. nss-3.28.4-12.el7.src.rpm
    MD5: d44bd5814e4dd8d5c46fb98f751b7b30
    SHA-256: cd60bbc556eea8d8cd60e2616953a254ef3afa25f0cd7a8d36bbab20cfa73971
    Size: 7.29 MB

Asianux Server 7 for x86_64
  1. nss-3.28.4-12.el7.x86_64.rpm
    MD5: 1ca2be43a8d4fccc0d56e37e36c2cedc
    SHA-256: f07a6114110554d427e8e07688b22b1f151b588d90386290fa55894ec3dd5c6f
    Size: 847.64 kB
  2. nss-devel-3.28.4-12.el7.x86_64.rpm
    MD5: 8bce5dd933d98a05e9331033c5862e56
    SHA-256: 7a40366a21a253643b0e29658e2af6cd9f1c5de4bf1301854f63bc2f3f03e7ae
    Size: 217.54 kB
  3. nss-sysinit-3.28.4-12.el7.x86_64.rpm
    MD5: 06585f958427d14f2d9b6fd10bae60a5
    SHA-256: caf5b1d400751d04ad66be32d54b853a4757f16685cf2fad4cabb46b48bfbc3c
    Size: 58.90 kB
  4. nss-tools-3.28.4-12.el7.x86_64.rpm
    MD5: 514ce7a7992ec3ff03ad47a9c00d6dc0
    SHA-256: 7e084d35d37c0589b6b36d4ca59c99a99eff75e098449f6038704ed2350c5abf
    Size: 498.70 kB
  5. nss-3.28.4-12.el7.i686.rpm
    MD5: cbc4c5cd79471872f7bcd802b07ddd15
    SHA-256: 6cede888df87c9ebb78afec7f2617bdd9c51cafa2391f5ed2493e7b862c8b4d2
    Size: 843.61 kB
  6. nss-devel-3.28.4-12.el7.i686.rpm
    MD5: 3aaa5a8b8cc0c1e0b63b9f69bccf81e4
    SHA-256: 529238c2c1e1baba97a6eedb06b029fbd8f0c39b455d1fcc3615f7fe04caf9d5
    Size: 218.98 kB