Subject: [ASA-201705-21] lib32-nss: arbitrary code execution Arch Linux Security Advisory ASA-201705-21 ========================================== Severity: Critical Date : 2017-05-29 CVE-ID : CVE-2017-5461 Package : lib32-nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-248 Summary ======= The package lib32-nss before version 3.30.2-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 3.30.2-1. # pacman -Syu "lib32-nss>=3.30.2-1" The problem has been fixed upstream in version 3.30.2. Workaround ========== None. Description =========== An out-of-bounds write during Base64 decoding operation has been found in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. The issue has been fixed in releases 3.29.5 and 3.30.1. Impact ====== A remote attacker can execute arbitrary code on the affected host, using a specially crafted certificate. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461 https://bugzilla.mozilla.org/show_bug.cgi?id=1344380 https://hg.mozilla.org/projects/nss/rev/ac34db053672 https://security.archlinux.org/CVE-2017-5461