Bug 1471171 (CVE-2017-7805) - CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying client authentication
Summary: CVE-2017-7805 nss: Potential use-after-free in TLS 1.2 server when verifying ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-7805
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1473508 1473509 1473510 1473511 1496926
Blocks: 1471174
TreeView+ depends on / blocked
 
Reported: 2017-07-14 15:05 UTC by Adam Mariš
Modified: 2021-02-17 01:56 UTC (History)
16 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-09-29 02:18:17 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2832 0 normal SHIPPED_LIVE Important: nss security update 2017-09-29 03:58:01 UTC

Description Adam Mariš 2017-07-14 15:05:22 UTC 
Potential use-after-free vulnerability in nss in TLS 1.2 server when verifying client authentication was found.

Upstream bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1377618
Comment 10 Doran Moppert 2017-09-28 04:25:39 UTC 
Acknowledgments:

Name: the Mozilla project
Upstream: Martin Thomson
Comment 11 Tomas Hoger 2017-09-28 08:27:10 UTC 
Upstream commit:

https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925
Comment 12 Tomas Hoger 2017-09-28 18:58:30 UTC 
Public now via upstream advisories:

https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
Comment 13 Tomas Hoger 2017-09-28 19:00:22 UTC 
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1496926]
Comment 14 errata-xmlrpc 2017-09-28 23:58:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2017:2832 https://access.redhat.com/errata/RHSA-2017:2832
Note You need to log in before you can comment on or make changes to this bug.