Synopsis:          Important: nss security update
Advisory ID:       SLSA-2017:2832-1
Issue Date:        2017-09-29
CVE Numbers:       CVE-2017-7805
--

Security Fix(es):

* A use-after-free flaw was found in the TLS 1.2 implementation in the NSS
library when client authentication was used. A malicious client could use
this flaw to cause an application compiled against NSS to crash or,
potentially, execute arbitrary code with the permission of the user
running the application. (CVE-2017-7805)
--

SL6
  x86_64
    nss-3.28.4-4.el6_9.i686.rpm
    nss-3.28.4-4.el6_9.x86_64.rpm
    nss-debuginfo-3.28.4-4.el6_9.i686.rpm
    nss-debuginfo-3.28.4-4.el6_9.x86_64.rpm
    nss-sysinit-3.28.4-4.el6_9.x86_64.rpm
    nss-tools-3.28.4-4.el6_9.x86_64.rpm
    nss-devel-3.28.4-4.el6_9.i686.rpm
    nss-devel-3.28.4-4.el6_9.x86_64.rpm
    nss-pkcs11-devel-3.28.4-4.el6_9.i686.rpm
    nss-pkcs11-devel-3.28.4-4.el6_9.x86_64.rpm
  i386
    nss-3.28.4-4.el6_9.i686.rpm
    nss-debuginfo-3.28.4-4.el6_9.i686.rpm
    nss-sysinit-3.28.4-4.el6_9.i686.rpm
    nss-tools-3.28.4-4.el6_9.i686.rpm
    nss-devel-3.28.4-4.el6_9.i686.rpm
    nss-pkcs11-devel-3.28.4-4.el6_9.i686.rpm
SL7
  x86_64
    nss-3.28.4-12.el7_4.i686.rpm
    nss-3.28.4-12.el7_4.x86_64.rpm
    nss-debuginfo-3.28.4-12.el7_4.i686.rpm
    nss-debuginfo-3.28.4-12.el7_4.x86_64.rpm
    nss-sysinit-3.28.4-12.el7_4.x86_64.rpm
    nss-tools-3.28.4-12.el7_4.x86_64.rpm
    nss-devel-3.28.4-12.el7_4.i686.rpm
    nss-devel-3.28.4-12.el7_4.x86_64.rpm
    nss-pkcs11-devel-3.28.4-12.el7_4.i686.rpm
    nss-pkcs11-devel-3.28.4-12.el7_4.x86_64.rpm

- Scientific Linux Development Team