Amazon Linux 1 Security Advisory: ALAS-2017-911
Advisory Release Date: 2017-10-12 19:41 Pacific
Advisory Updated Date: 2017-10-13 00:10 Pacific
Potential use-after-free in TLS 1.2 server when verifying client authentication:
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2017-7805)
Affected Packages:
nss
Issue Correction:
Run yum update nss to update your system.
i686:
nss-tools-3.28.4-12.80.amzn1.i686
nss-debuginfo-3.28.4-12.80.amzn1.i686
nss-3.28.4-12.80.amzn1.i686
nss-sysinit-3.28.4-12.80.amzn1.i686
nss-pkcs11-devel-3.28.4-12.80.amzn1.i686
nss-devel-3.28.4-12.80.amzn1.i686
src:
nss-3.28.4-12.80.amzn1.src
x86_64:
nss-pkcs11-devel-3.28.4-12.80.amzn1.x86_64
nss-devel-3.28.4-12.80.amzn1.x86_64
nss-3.28.4-12.80.amzn1.x86_64
nss-debuginfo-3.28.4-12.80.amzn1.x86_64
nss-sysinit-3.28.4-12.80.amzn1.x86_64
nss-tools-3.28.4-12.80.amzn1.x86_64
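
To confirm the update took effect, the check below (an added example, not part of the Amazon advisory) compares each installed package named in this advisory with the fixed build 3.28.4-12.80.amzn1 and skips separately versioned packages such as nss-util. The function names, the sample inventory and the reliance on GNU sort -V are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare installed nss builds against the ALAS-2017-911 package list.
FIXED_VR="3.28.4-12.80.amzn1"   # version-release taken from the advisory
ADVISORY_PKGS="nss nss-tools nss-debuginfo nss-sysinit nss-pkcs11-devel nss-devel"

# vr_at_least A B: succeed when A >= B. Assumption: GNU `sort -V` ordering, which
# approximates rpm's comparison and is adequate for numeric strings like these.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_nss_inventory: read "name version-release" lines on stdin, print a
# verdict for each advisory package, return 1 if any is below FIXED_VR.
check_nss_inventory() {
    rc=0
    while read -r name vr; do
        case " $ADVISORY_PKGS " in
            *" $name "*) ;;
            *) continue ;;   # nss-util, nss-softokn etc. are versioned separately
        esac
        if vr_at_least "$vr" "$FIXED_VR"; then
            echo "OK       $name $vr"
        else
            echo "OUTDATED $name $vr (needs >= $FIXED_VR)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory, not output from a real host.
sample_inventory() {
    cat <<'EOF'
nss 3.28.4-12.80.amzn1
nss-tools 3.28.4-12.79.amzn1
nss-sysinit 3.21.3-2.77.amzn1
nss-util 3.28.4-3.53.amzn1
EOF
}

# On a host, feed it: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
sample_inventory | check_nss_inventory || echo "nss is below the ALAS-2017-911 build"
```

Processes that loaded the old library before the update keep using it until they are restarted.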