Synopsis: Important: nss security and bug fix update
Advisory ID: SLSA-2017:1365-3
Issue Date: 2017-05-30
CVE Numbers: CVE-2017-7502
--
Security Fix(es):
* A null pointer dereference flaw was found in the way NSS handled empty
SSLv2 messages. An attacker could use this flaw to crash a server
application compiled against the NSS library. (CVE-2017-7502)
Bug Fix(es):
* The Network Security Services (NSS) code and Certificate Authority (CA)
list have been updated to meet the recommendations as published with the
latest Mozilla Firefox Extended Support Release (ESR). The updated CA list
improves compatibility with the certificates that are used in the Internet
Public Key Infrastructure (PKI). To avoid certificate validation refusals,
consider installing the updated CA list on June 12, 2017.
--
SL7
x86_64
nss-3.28.4-1.2.el7_3.i686.rpm
nss-3.28.4-1.2.el7_3.x86_64.rpm
nss-debuginfo-3.28.4-1.2.el7_3.i686.rpm
nss-debuginfo-3.28.4-1.2.el7_3.x86_64.rpm
nss-sysinit-3.28.4-1.2.el7_3.x86_64.rpm
nss-tools-3.28.4-1.2.el7_3.x86_64.rpm
nss-devel-3.28.4-1.2.el7_3.i686.rpm
nss-devel-3.28.4-1.2.el7_3.x86_64.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.i686.rpm
nss-pkcs11-devel-3.28.4-1.2.el7_3.x86_64.rpm
- Scientific Linux Development Team
