nss-3.28.4-4.AXS4
エラータID: AXSA:2017-2306:02
リリース日:
2017/10/09 Monday - 23:13
題名:
nss-3.28.4-4.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2017-7805 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2017-7805
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
追加情報:
N/A
ダウンロード:
SRPMS
- nss-3.28.4-4.AXS4.src.rpm
MD5: ddc3f75e41976298c1bf8aeab01563c6
SHA-256: 3360be35f2fc8400139e153c7024413724586f45a27e53378e602cf0670988b7
Size: 7.26 MB
Asianux Server 4 for x86
- nss-3.28.4-4.AXS4.i686.rpm
MD5: 439235858c9d5a677b39300ea50ce35d
SHA-256: ef5034ec701dbcd78d707aa70e2595415628fb541a18be6abd9ba9822827aa82
Size: 881.58 kB - nss-devel-3.28.4-4.AXS4.i686.rpm
MD5: 4b97d51843541819a0f6f1fabcde2d31
SHA-256: d08dac8d4c80db420073756085f356fddfc58a7b9304ab1145719ff7359c0df3
Size: 212.72 kB - nss-sysinit-3.28.4-4.AXS4.i686.rpm
MD5: 9b907689adce342ae7cb31ffd809f8bd
SHA-256: a73470c0ff682eea3213044b622c02228622290a34240c84a26694df971c40e9
Size: 50.75 kB - nss-tools-3.28.4-4.AXS4.i686.rpm
MD5: bdb53be595ac70c1bae522d1d6db7512
SHA-256: 0c12ce9aa1dfbe75d58872153cedf97b071ffa9cb733fe68a36a565e40dadf0a
Size: 453.23 kB
Asianux Server 4 for x86_64
- nss-3.28.4-4.AXS4.x86_64.rpm
MD5: 19e742bbfd6518a3f86b43b1e53f62d8
SHA-256: 63103908785e4659988b9c3a2a5f3d03d57f953701115b1a558ebaa24af35622
Size: 878.19 kB - nss-devel-3.28.4-4.AXS4.x86_64.rpm
MD5: 697671e06af4b512b11868f7101836f1
SHA-256: 7174e421ef79451f799616d42213dc0cb34a847c6b3ba15cb7f2c83d9df6703d
Size: 210.84 kB - nss-sysinit-3.28.4-4.AXS4.x86_64.rpm
MD5: 012e410b27ddb144156c3d46c6133463
SHA-256: 9eb0db3ccb7548409b989728a73dac96e2dcc49e58bf6ebeb3b64ee3011fb0c5
Size: 50.36 kB - nss-tools-3.28.4-4.AXS4.x86_64.rpm
MD5: 4c6b0cacfb2ab344df9f48b5b5e7acee
SHA-256: 810d03978c873237885699bb8341093d83c2bcef0b9706c644824abdf31fba1a
Size: 445.72 kB - nss-3.28.4-4.AXS4.i686.rpm
MD5: 439235858c9d5a677b39300ea50ce35d
SHA-256: ef5034ec701dbcd78d707aa70e2595415628fb541a18be6abd9ba9822827aa82
Size: 881.58 kB - nss-devel-3.28.4-4.AXS4.i686.rpm
MD5: 4b97d51843541819a0f6f1fabcde2d31
SHA-256: d08dac8d4c80db420073756085f356fddfc58a7b9304ab1145719ff7359c0df3
Size: 212.72 kB