Issued:
2017-04-20
Updated:
2017-04-20

RHSA-2017:1102 - Critical: nss-util security update

Synopsis

Critical: nss-util security update

Type/Severity

Security Advisory Critical

Topic

An update for nss-util is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, and Red Hat Enterprise Linux 7.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.

Security Fix(es):

  • An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions7.2x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support7.2x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support6.7x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support6.7i386
Red Hat Enterprise Linux for SAP Solutions for x86_64 - Extended Update Support6.7x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support7.2ppc64le
Red Hat Enterprise Linux for Power, big endian - Extended Update Support7.2ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support6.7ppc64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support7.2s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support6.7s390x
Red Hat Enterprise Linux Server - TUS7.2x86_64
Red Hat Enterprise Linux Server - TUS6.6x86_64
Red Hat Enterprise Linux Server - TUS6.5x86_64
Red Hat Enterprise Linux Server - AUS7.2x86_64
Red Hat Enterprise Linux Server - AUS6.6x86_64
Red Hat Enterprise Linux Server - AUS6.5x86_64
Red Hat Enterprise Linux Server - AUS6.4x86_64
Red Hat Enterprise Linux Server - AUS6.2x86_64
Red Hat Enterprise Linux EUS Compute Node7.2x86_64
Red Hat Enterprise Linux EUS Compute Node6.7x86_64

Updated Packages

  • nss-util-debuginfo-3.14.3-9.el6_4.i686.rpm
  • nss-util-3.21.4-1.el6_7.ppc64.rpm
  • nss-util-devel-3.16.1-5.el6_5.x86_64.rpm
  • nss-util-3.21.4-1.el6_7.src.rpm
  • nss-util-3.13.1-11.el6_2.src.rpm
  • nss-util-debuginfo-3.21.4-1.el6_7.ppc64.rpm
  • nss-util-3.16.1-5.el6_5.i686.rpm
  • nss-util-3.21.4-1.el7_2.ppc64le.rpm
  • nss-util-debuginfo-3.21.4-1.el7_2.s390.rpm
  • nss-util-devel-3.21.4-1.el7_2.s390.rpm
  • nss-util-debuginfo-3.21.4-1.el6_7.x86_64.rpm
  • nss-util-debuginfo-3.21.4-1.el6_7.i686.rpm
  • nss-util-devel-3.13.1-11.el6_2.x86_64.rpm
  • nss-util-3.21.4-1.el6_7.s390.rpm
  • nss-util-debuginfo-3.21.4-1.el6_7.s390.rpm
  • nss-util-3.21.4-1.el7_2.ppc.rpm
  • nss-util-3.21.4-1.el7_2.src.rpm
  • nss-util-3.21.4-1.el7_2.s390.rpm
  • nss-util-3.13.1-11.el6_2.i686.rpm
  • nss-util-3.21.4-1.el7_2.i686.rpm
  • nss-util-devel-3.14.3-9.el6_4.x86_64.rpm
  • nss-util-debuginfo-3.19.1-4.el6_6.x86_64.rpm
  • nss-util-3.14.3-9.el6_4.x86_64.rpm
  • nss-util-devel-3.19.1-4.el6_6.i686.rpm
  • nss-util-3.21.4-1.el6_7.i686.rpm
  • nss-util-devel-3.21.4-1.el7_2.x86_64.rpm
  • nss-util-3.13.1-11.el6_2.x86_64.rpm
  • nss-util-devel-3.21.4-1.el6_7.s390x.rpm
  • nss-util-3.19.1-4.el6_6.i686.rpm
  • nss-util-3.21.4-1.el7_2.x86_64.rpm
  • nss-util-debuginfo-3.14.3-9.el6_4.x86_64.rpm
  • nss-util-3.21.4-1.el6_7.ppc.rpm
  • nss-util-debuginfo-3.21.4-1.el7_2.ppc64le.rpm
  • nss-util-devel-3.21.4-1.el7_2.s390x.rpm
  • nss-util-debuginfo-3.21.4-1.el6_7.ppc.rpm
  • nss-util-devel-3.21.4-1.el6_7.i686.rpm
  • nss-util-debuginfo-3.21.4-1.el7_2.s390x.rpm
  • nss-util-3.21.4-1.el6_7.x86_64.rpm
  • nss-util-debuginfo-3.21.4-1.el7_2.ppc64.rpm
  • nss-util-debuginfo-3.16.1-5.el6_5.i686.rpm
  • nss-util-devel-3.21.4-1.el6_7.ppc.rpm
  • nss-util-debuginfo-3.21.4-1.el7_2.x86_64.rpm
  • nss-util-debuginfo-3.16.1-5.el6_5.x86_64.rpm
  • nss-util-devel-3.21.4-1.el7_2.ppc64.rpm
  • nss-util-debuginfo-3.19.1-4.el6_6.i686.rpm
  • nss-util-3.14.3-9.el6_4.src.rpm
  • nss-util-3.21.4-1.el6_7.s390x.rpm
  • nss-util-3.16.1-5.el6_5.src.rpm
  • nss-util-3.19.1-4.el6_6.x86_64.rpm
  • nss-util-3.21.4-1.el7_2.ppc64.rpm
  • nss-util-devel-3.21.4-1.el7_2.i686.rpm
  • nss-util-devel-3.21.4-1.el7_2.ppc64le.rpm
  • nss-util-devel-3.21.4-1.el6_7.ppc64.rpm
  • nss-util-devel-3.21.4-1.el7_2.ppc.rpm
  • nss-util-debuginfo-3.21.4-1.el6_7.s390x.rpm
  • nss-util-debuginfo-3.13.1-11.el6_2.i686.rpm
  • nss-util-debuginfo-3.21.4-1.el7_2.ppc.rpm
  • nss-util-3.19.1-4.el6_6.src.rpm
  • nss-util-devel-3.21.4-1.el6_7.s390.rpm
  • nss-util-devel-3.16.1-5.el6_5.i686.rpm
  • nss-util-devel-3.21.4-1.el6_7.x86_64.rpm
  • nss-util-debuginfo-3.21.4-1.el7_2.i686.rpm
  • nss-util-3.16.1-5.el6_5.x86_64.rpm
  • nss-util-debuginfo-3.13.1-11.el6_2.x86_64.rpm
  • nss-util-3.14.3-9.el6_4.i686.rpm
  • nss-util-3.21.4-1.el7_2.s390x.rpm
  • nss-util-devel-3.14.3-9.el6_4.i686.rpm
  • nss-util-devel-3.19.1-4.el6_6.x86_64.rpm
  • nss-util-devel-3.13.1-11.el6_2.i686.rpm

Fixes

CVEs

References

Additional information