MGASA-2017-0160

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0160.html

Import Source

https://advisories.mageia.org/MGASA-2017-0160.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0160

Related

CVE-2017-7502

Published

2017-06-08T21:39:47Z

Modified

2017-06-08T21:27:51Z

Summary

Updated nss packages fix security vulnerability

Details

A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library (CVE-2017-7502).

References

https://advisories.mageia.org/MGASA-2017-0160.html
https://bugs.mageia.org/show_bug.cgi?id=20989
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.5_release_notes
https://rhn.redhat.com/errata/RHSA-2017-1365.html

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.28.5-1.mga5

Ecosystem specific

{
    "section": "core"
}