漏洞修复--Mozilla Network Security Services 缓冲区错误漏洞 (CVE-2019-17006)
2023-09-14 09:02:05 时间
1. 漏洞描述:
MozillaNetworkSecurityServices(NSS)是美国Mozilla基金会的一个函数库(网络安全服务库)。该产品可跨平台提供SSL、S/MIME和其他Internet安全标准支持。MozillaNSS中存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
2. 解决方法
使用阿里云或者腾讯云的仓库,具体方法其他文章有说明
sudo yum update -y nss-sysinit nss-tools nss-softokn nss nspr nss-util nss-softokn-freebl
3. 修复过程
# sudo yum update -y nss-sysinit nss-tools nss-softokn nss nspr nss-util nss-softokn-freebl
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package nspr.x86_64 0:4.21.0-1.el7 will be updated
---> Package nspr.x86_64 0:4.34.0-3.1.el7_9 will be an update
---> Package nss.x86_64 0:3.44.0-7.el7_7 will be updated
---> Package nss.x86_64 0:3.79.0-4.el7_9 will be an update
---> Package nss-softokn.x86_64 0:3.44.0-8.el7_7 will be updated
---> Package nss-softokn.x86_64 0:3.79.0-4.el7_9 will be an update
---> Package nss-softokn-freebl.x86_64 0:3.44.0-8.el7_7 will be updated
---> Package nss-softokn-freebl.x86_64 0:3.79.0-4.el7_9 will be an update
---> Package nss-sysinit.x86_64 0:3.44.0-7.el7_7 will be updated
---> Package nss-sysinit.x86_64 0:3.79.0-4.el7_9 will be an update
---> Package nss-tools.x86_64 0:3.44.0-7.el7_7 will be updated
---> Package nss-tools.x86_64 0:3.79.0-4.el7_9 will be an update
---> Package nss-util.x86_64 0:3.44.0-4.el7_7 will be updated
---> Package nss-util.x86_64 0:3.79.0-1.el7_9 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================================================
Updating:
nspr x86_64 4.34.0-3.1.el7_9 updates 128 k
nss x86_64 3.79.0-4.el7_9 updates 895 k
nss-softokn x86_64 3.79.0-4.el7_9 updates 379 k
nss-softokn-freebl x86_64 3.79.0-4.el7_9 updates 337 k
nss-sysinit x86_64 3.79.0-4.el7_9 updates 66 k
nss-tools x86_64 3.79.0-4.el7_9 updates 555 k
nss-util x86_64 3.79.0-1.el7_9 updates 80 k
Transaction Summary
===========================================================================================================================================================================
Upgrade 7 Packages
Total download size: 2.4 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/7): nspr-4.34.0-3.1.el7_9.x86_64.rpm | 128 kB 00:00:00
(2/7): nss-3.79.0-4.el7_9.x86_64.rpm | 895 kB 00:00:00
(3/7): nss-softokn-3.79.0-4.el7_9.x86_64.rpm | 379 kB 00:00:00
(4/7): nss-sysinit-3.79.0-4.el7_9.x86_64.rpm | 66 kB 00:00:00
(5/7): nss-softokn-freebl-3.79.0-4.el7_9.x86_64.rpm | 337 kB 00:00:00
(6/7): nss-tools-3.79.0-4.el7_9.x86_64.rpm | 555 kB 00:00:00
(7/7): nss-util-3.79.0-1.el7_9.x86_64.rpm | 80 kB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.4 MB/s | 2.4 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : nspr-4.34.0-3.1.el7_9.x86_64 1/14
Updating : nss-util-3.79.0-1.el7_9.x86_64 2/14
Updating : nss-softokn-freebl-3.79.0-4.el7_9.x86_64 3/14
Updating : nss-softokn-3.79.0-4.el7_9.x86_64 4/14
Updating : nss-sysinit-3.79.0-4.el7_9.x86_64 5/14
Updating : nss-3.79.0-4.el7_9.x86_64 6/14
Updating : nss-tools-3.79.0-4.el7_9.x86_64 7/14
Cleanup : nss-tools-3.44.0-7.el7_7.x86_64 8/14
Cleanup : nss-sysinit-3.44.0-7.el7_7.x86_64 9/14
Cleanup : nss-3.44.0-7.el7_7.x86_64 10/14
Cleanup : nss-softokn-3.44.0-8.el7_7.x86_64 11/14
Cleanup : nss-softokn-freebl-3.44.0-8.el7_7.x86_64 12/14
Cleanup : nss-util-3.44.0-4.el7_7.x86_64 13/14
Cleanup : nspr-4.21.0-1.el7.x86_64 14/14
Verifying : nss-softokn-freebl-3.79.0-4.el7_9.x86_64 1/14
Verifying : nss-tools-3.79.0-4.el7_9.x86_64 2/14
Verifying : nss-util-3.79.0-1.el7_9.x86_64 3/14
Verifying : nspr-4.34.0-3.1.el7_9.x86_64 4/14
Verifying : nss-sysinit-3.79.0-4.el7_9.x86_64 5/14
Verifying : nss-softokn-3.79.0-4.el7_9.x86_64 6/14
Verifying : nss-3.79.0-4.el7_9.x86_64 7/14
Verifying : nss-softokn-freebl-3.44.0-8.el7_7.x86_64 8/14
Verifying : nss-sysinit-3.44.0-7.el7_7.x86_64 9/14
Verifying : nss-tools-3.44.0-7.el7_7.x86_64 10/14
Verifying : nss-3.44.0-7.el7_7.x86_64 11/14
Verifying : nss-util-3.44.0-4.el7_7.x86_64 12/14
Verifying : nspr-4.21.0-1.el7.x86_64 13/14
Verifying : nss-softokn-3.44.0-8.el7_7.x86_64 14/14
Updated:
nspr.x86_64 0:4.34.0-3.1.el7_9 nss.x86_64 0:3.79.0-4.el7_9 nss-softokn.x86_64 0:3.79.0-4.el7_9 nss-softokn-freebl.x86_64 0:3.79.0-4.el7_9
nss-sysinit.x86_64 0:3.79.0-4.el7_9 nss-tools.x86_64 0:3.79.0-4.el7_9 nss-util.x86_64 0:3.79.0-1.el7_9
Complete!
4. 重新扫描
相关文章
- GHOST还原时错误An internal inconsistency has been detected..Internal Error 25002解决办法(-ntexact参数)
- 解决Ubuntu的错误提示
- git push 提交操作出现 fatal: Authentication failed for 错误 解决方案
- 解决ora-01034和ora-27101错误
- EasyDSS RTMP流媒体服务器videojs flash播放RTMP/HLS提示错误的解决方案
- System.ServiceModel.CommunicationException: 接收HTTP 响应时发生错误
- 112. 使用自开发的代理服务器解决 SAP UI5 FileUploader 上传文件时遇到的跨域访问错误
- SAP APF框架错误消息Filter is too complex的处理
- 如何处理Docker的错误消息request canceled:Docker代理问题
- Microsoft Office 2010 取消弹出宏安全性设置错误的提示
- paip.python错误解决10
- 《互联网领域Java从来就不是主流》一个完全错误的标题!炒作短时间带来了流量,却损害了作者的声誉,推荐人的信誉,以及读者对于网站的期待。
- http错误-413 Request Entity Too Large
- 解决MyBatisSystemException: nested exception is org.apache.ibatis.exceptions.TooManyResultsException错误
- 【错误记录】编译 Linux 内核报错 ( /bin/sh: 1: bison: not found )
- 【错误记录】IntelliJ IDEA 编译 Groovy 报错 ( Could not open/create prefs root node SoftwareJavaSoftPrefs )
- Win11系统电脑安装steam客户端出现错误怎么办?
- metasploit之Windows Services漏洞提权实战——利用Windows服务是以SYSTEM权限运行的,如果配置错误让我们修改该服务的二进制文件路径属性,则可以实现提权
- 漏洞修复--Mozilla Network Security Services 缓冲区错误漏洞 (CVE-2019-17006)
- 漏洞修复--GNU Gzip 输入验证错误漏洞(CVE-2022-1271)