ALAS-2017-911


Amazon Linux AMI Security Advisory: ALAS-2017-911
Advisory Release Date: 2017-10-13 00:10 Pacific
Severity: Important
References: CVE-2017-7805 

Issue Overview:

Potential use-after-free in TLS 1.2 server when verifying client authentication:
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805 )


Affected Packages:

nss


Issue Correction:
Run yum update nss to update your system.

New Packages:
i686:
    nss-tools-3.28.4-12.80.amzn1.i686
    nss-debuginfo-3.28.4-12.80.amzn1.i686
    nss-3.28.4-12.80.amzn1.i686
    nss-sysinit-3.28.4-12.80.amzn1.i686
    nss-pkcs11-devel-3.28.4-12.80.amzn1.i686
    nss-devel-3.28.4-12.80.amzn1.i686

src:
    nss-3.28.4-12.80.amzn1.src

x86_64:
    nss-pkcs11-devel-3.28.4-12.80.amzn1.x86_64
    nss-devel-3.28.4-12.80.amzn1.x86_64
    nss-3.28.4-12.80.amzn1.x86_64
    nss-debuginfo-3.28.4-12.80.amzn1.x86_64
    nss-sysinit-3.28.4-12.80.amzn1.x86_64
    nss-tools-3.28.4-12.80.amzn1.x86_64