SCIENTIFIC-LINUX-ERRATA Archives

May 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: nss on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Tue, 30 May 2017 13:48:05 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (37 lines) 
Synopsis:          Important: nss security and bug fix update

Advisory ID:       SLSA-2017:1365-3

Issue Date:        2017-05-30

CVE Numbers:       CVE-2017-7502

--



Security Fix(es):



* A null pointer dereference flaw was found in the way NSS handled empty

SSLv2 messages. An attacker could use this flaw to crash a server

application compiled against the NSS library. (CVE-2017-7502)



Bug Fix(es):



* The Network Security Services (NSS) code and Certificate Authority (CA)

list have been updated to meet the recommendations as published with the

latest Mozilla Firefox Extended Support Release (ESR). The updated CA list

improves compatibility with the certificates that are used in the Internet

Public Key Infrastructure (PKI). To avoid certificate validation refusals,

consider installing the updated CA list on June 12, 2017.

--



SL7

  x86_64

    nss-3.28.4-1.2.el7_3.i686.rpm

    nss-3.28.4-1.2.el7_3.x86_64.rpm

    nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm

    nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm

    nss-sysinit-3.28.4-1.2.el7_3.x86_64.rpm

    nss-tools-3.28.4-1.2.el7_3.x86_64.rpm

    nss-devel-3.28.4-1.2.el7_3.i686.rpm

    nss-devel-3.28.4-1.2.el7_3.x86_64.rpm

    nss-pkcs11-devel-3.28.4-1.2.el7_3.i686.rpm

    nss-pkcs11-devel-3.28.4-1.2.el7_3.x86_64.rpm



- Scientific Linux Development Team

ATOM RSS1 RSS2