Updating NSS?


Post by hejp » 2022/05/17 15:03:16

We are running CentOS 7.9 and it recently came to our attention that there is a vulnerability in NSS:

https://www.tenable.com/cve/CVE-2021-43527

The solution is to update the NSS package. However, the latest version on the official repository is 3.67.0 and the CVE states the following:
This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Is it possible to update NSS manually somehow? I tried installing it from CentOS 9 Stream:

sudo yum localinstall http://mirror.stream.centos.org/9-stream/AppStream/x86_64/os/Packages/nss-3.71.0-7.el9.x86_64.rpm

But it breaks saying I need to update crypto-policies:

Requires: crypto-policies >= 20210118

TLDR: How to update NSS?


Re: Updating NSS?

Post by TrevorH » 2022/05/17 15:31:10

> TLDR: How to update NSS?

Run yum update. That's it. After you run it, you can check the output from rpm -q --changelog nss | grep -B 1 CVE-2021-43527 and see that it was fixed on Thu Nov 18 2021. I'd suggest reading https://access.redhat.com/security/updates/backporting/ for information on backporting of security fixes and features in CentOS and RHEL. Additionally, https://access.redhat.com/solutions/2074 may also be of use.
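The changelog check from the reply above, set beside the upstream-version comparison the question relied on, as an added example that is not part of the original thread. The function names are hypothetical and the sample changelog is constructed: only the fix date, the CVE id and the two version numbers come from the posts.

```shell
#!/bin/sh
# Constructed sample changelog: packager, release suffixes and entry text are
# made up; only the fix date and CVE id come from the thread.
sample_changelog() {
cat <<'EOF'
* Thu Nov 18 2021 Example Packager <packager@example.com> - 3.67.0-X
- Rebuild with refreshed test certificates
- Resolves: CVE-2021-43527

* Mon Jun 14 2021 Example Packager <packager@example.com> - 3.67.0-W
- Rebase to upstream 3.67
EOF
}

# Print the header of the changelog entry (read from stdin) that mentions
# CVE id $1; exit 1 if none does. Unlike `grep -B 1`, the CVE may sit on any
# line of the entry, and CVE-2021-4352 will not match CVE-2021-43527.
cve_fix_entry() {
    awk -v cve="$1" '
        /^\* /                      { header = $0 }
        $0 ~ (cve "([^0-9]|$)")     { print header; found = 1; exit }
        END                         { exit !found }'
}

# Naive upstream-version comparison: succeeds when dotted version $1 < $2.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# usage: assess INSTALLED FIXED_UPSTREAM CVE   (changelog on stdin)
# A changelog entry shows a backported fix; the version test is only a fallback.
assess() {
    if entry=$(cve_fix_entry "$3"); then
        echo "patched (backport): $entry"
    elif version_lt "$1" "$2"; then
        echo "needs review: $3 not in changelog and $1 < $2"; return 1
    else
        echo "patched (version): $1 >= $2"
    fi
}

# On a real host: rpm -q --changelog nss | assess 3.67.0 3.68.1 CVE-2021-43527
sample_changelog | assess 3.67.0 3.68.1 CVE-2021-43527
```

With the sample input, the version comparison alone would flag 3.67.0 as older than 3.68.1, while the changelog lookup reports the backported fix dated Thu Nov 18 2021.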