nss-3.28.4-12.el7
エラータID: AXSA:2017-2308:05
リリース日:
2017/10/09 Monday - 23:16
題名:
nss-3.28.4-12.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- 現時点では CVE-2017-7805 の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートをアップデートしてください。
CVE:
CVE-2017-7805
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
追加情報:
N/A
ダウンロード:
SRPMS
- nss-3.28.4-12.el7.src.rpm
MD5: d44bd5814e4dd8d5c46fb98f751b7b30
SHA-256: cd60bbc556eea8d8cd60e2616953a254ef3afa25f0cd7a8d36bbab20cfa73971
Size: 7.29 MB
Asianux Server 7 for x86_64
- nss-3.28.4-12.el7.x86_64.rpm
MD5: 1ca2be43a8d4fccc0d56e37e36c2cedc
SHA-256: f07a6114110554d427e8e07688b22b1f151b588d90386290fa55894ec3dd5c6f
Size: 847.64 kB - nss-devel-3.28.4-12.el7.x86_64.rpm
MD5: 8bce5dd933d98a05e9331033c5862e56
SHA-256: 7a40366a21a253643b0e29658e2af6cd9f1c5de4bf1301854f63bc2f3f03e7ae
Size: 217.54 kB - nss-sysinit-3.28.4-12.el7.x86_64.rpm
MD5: 06585f958427d14f2d9b6fd10bae60a5
SHA-256: caf5b1d400751d04ad66be32d54b853a4757f16685cf2fad4cabb46b48bfbc3c
Size: 58.90 kB - nss-tools-3.28.4-12.el7.x86_64.rpm
MD5: 514ce7a7992ec3ff03ad47a9c00d6dc0
SHA-256: 7e084d35d37c0589b6b36d4ca59c99a99eff75e098449f6038704ed2350c5abf
Size: 498.70 kB - nss-3.28.4-12.el7.i686.rpm
MD5: cbc4c5cd79471872f7bcd802b07ddd15
SHA-256: 6cede888df87c9ebb78afec7f2617bdd9c51cafa2391f5ed2493e7b862c8b4d2
Size: 843.61 kB - nss-devel-3.28.4-12.el7.i686.rpm
MD5: 3aaa5a8b8cc0c1e0b63b9f69bccf81e4
SHA-256: 529238c2c1e1baba97a6eedb06b029fbd8f0c39b455d1fcc3615f7fe04caf9d5
Size: 218.98 kB