ELSA-2017-1100

Опубликовано: 20 апр. 2017

Источник: oracle-oval

Платформа: Oracle Linux 7

Платформа: Oracle Linux 6

Описание

ELSA-2017-1100: nss and nss-util security update (CRITICAL)

nss [3.28.4-1.0.1]

Added nss-vendor.patch to change vendor
Temporarily disable some tests until expired PayPalEE.cert is renewed

[3.28.4-1]

Rebase to 3.28.4

nss-util [3.28.4-1]

Rebase to NSS 3.28.4 to accommodate base64 encoding fix

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

nss

3.28.4-1.0.0.1.el7_3

nss-devel

3.28.4-1.0.0.1.el7_3

nss-pkcs11-devel

3.28.4-1.0.0.1.el7_3

nss-sysinit

3.28.4-1.0.0.1.el7_3

nss-tools

3.28.4-1.0.0.1.el7_3

nss-util

3.28.4-1.0.el7_3

nss-util-devel

3.28.4-1.0.el7_3

Oracle Linux 6

Oracle Linux x86_64

nss

3.28.4-1.0.1.el6_9

nss-devel

3.28.4-1.0.1.el6_9

nss-pkcs11-devel

3.28.4-1.0.1.el6_9

nss-sysinit

3.28.4-1.0.1.el6_9

nss-tools

3.28.4-1.0.1.el6_9

nss-util

3.28.4-1.el6_9

nss-util-devel

3.28.4-1.el6_9

Oracle Linux i686

nss

3.28.4-1.0.1.el6_9

nss-devel

3.28.4-1.0.1.el6_9

nss-pkcs11-devel

3.28.4-1.0.1.el6_9

nss-sysinit

3.28.4-1.0.1.el6_9

nss-tools

3.28.4-1.0.1.el6_9

nss-util

3.28.4-1.el6_9

nss-util-devel

3.28.4-1.el6_9

Связанные CVE

CVE-2017-5461

Ссылки на источники

Связанные уязвимости

CVE-2017-5461

CVSS3: 9.8

ubuntu

больше 8 лет назад

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.