Amazon Linux AMI : nss (ALAS-2017-911)
Medium Nessus Plugin ID 103824
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionPotential use-after-free in TLS 1.2 server when verifying client authentication :
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)
SolutionRun 'yum update nss' to update your system.