• 2月 2, 2021

An update for nss is now available for Red Hat Enterprise Linux 7

CESA-2017:1365

An update for nss is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.

Security Fix(es):

  • A null pointer dereference flaw was found in the way NSS handled empty SSLv2
    messages. An attacker could use this flaw to crash a server application compiled
    against the NSS library. (CVE-2017-7502)

Bug Fix(es):

  • The Network Security Services (NSS) code and Certificate Authority (CA) list
    have been updated to meet the recommendations as published with the latest
    Mozilla Firefox Extended Support Release (ESR). The updated CA list improves
    compatibility with the certificates that are used in the Internet Public Key
    Infrastructure (PKI). To avoid certificate validation refusals, Red Hat
    recommends installing the updated CA list on June 12, 2017. (BZ#1451421)