Test Kennung:	1.3.6.1.4.1.25623.1.0.882702
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for nss-util CESA-2017:1100 centos7
Zusammenfassung:	Check the version of nss-util
Beschreibung:	Summary: Check the version of nss-util Vulnerability Insight: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.28.4), nss-util (3.28.4). Security Fix(es): * An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter. Affected Software/OS: nss-util on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5461 BugTraq ID: 98050 http://www.securityfocus.com/bid/98050 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://bugzilla.mozilla.org/show_bug.cgi?id=1344380 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461 https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461 Debian Security Information: DSA-3831 (Google Search) http://www.debian.org/security/2017/dsa-3831 Debian Security Information: DSA-3872 (Google Search) http://www.debian.org/security/2017/dsa-3872 https://security.gentoo.org/glsa/201705-04 https://www.oracle.com//security-alerts/cpujul2021.html RedHat Security Advisories: RHSA-2017:1100 https://access.redhat.com/errata/RHSA-2017:1100 RedHat Security Advisories: RHSA-2017:1101 https://access.redhat.com/errata/RHSA-2017:1101 RedHat Security Advisories: RHSA-2017:1102 https://access.redhat.com/errata/RHSA-2017:1102 RedHat Security Advisories: RHSA-2017:1103 https://access.redhat.com/errata/RHSA-2017:1103 http://www.securitytracker.com/id/1038320
Copyright	Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.