CVE-2017-5461 Amazon Linux Security Advisory for nss,nss-util: ALAS-2017-825

漏洞类别:Amazon Linux

漏洞等级:

漏洞信息

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461 )

Upstream acknowledges Ronald Crane as the original reporter.

漏洞危害

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

解决方案

Please refer to Amazon advisory ALAS-2017-825 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-825

0day

发表评论