Hello Team,
We have CentOS 7.x running in our environment and recently the security team found the "nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527)" vulnerability for CentOS 7.x.
When we checked for an updated version of the nss rpm we could not see it in the CentOS repos.
Hence we would like to know if there is any plan on releasing the latest version of nss.
I see Red Hat has already released the latest version of nss to mitigate the vulnerability.
nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527)
Re: nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527)
The fixes were pushed to the mirror network this morning and I'd guess they should be just about everywhere by now. Try running yum clean all then follow that with an update and you should find them. If you run your own local mirror then you might need to kick that to have it catch up.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527)
The fix for CVE-2021-43527 is the update of package nss.x86_64 version 3.67.0-4.el7_9?
Re: nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) (CVE-2021-43527)
Code:
[root@centos7 ~]# rpm -q --changelog nss | less
* Thu Nov 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-4
- fix CVE-2021-43527
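The changelog check from the last reply can be scripted for use across several hosts. The following is an added example, not part of the original thread: the function names are hypothetical, the older changelog entry in the sample is constructed, and the parser assumes each entry header ends with the version-release as in the entry quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `rpm -q --changelog <pkg>` text
# and reports which changelog entry mentions a given CVE.

# Constructed sample: the first entry is the one quoted in the thread,
# the second is an invented older entry used only to exercise the parser.
SAMPLE_CHANGELOG='* Thu Nov 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-4
- fix CVE-2021-43527

* Fri Jan 01 2021 Example Packager <packager@example.com> - 0.0.0-1
- constructed older entry'

# cve_fixed_in CVE: changelog on stdin; prints the version-release of the
# newest entry mentioning CVE, returns 1 if no entry mentions it.
# Assumes each entry header ends with the version-release, as above.
cve_fixed_in() {
    awk -v cve="$1" '
        /^\* /  { ver = $NF; next }        # entry header line
        $0 ~ (cve "([^0-9]|$)") {          # exact ID, not a prefix of a longer one
            print ver; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_installed PKG CVE: run the check against the locally installed package.
# Returns 0 if the changelog mentions the CVE, 1 if not, 2 if it cannot check.
check_installed() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    rpm -q "$1" >/dev/null 2>&1 || { echo "$1 is not installed" >&2; return 2; }
    if ver=$(rpm -q --changelog "$1" | cve_fixed_in "$2"); then
        echo "$1: $2 listed in changelog entry $ver (installed: $(rpm -q "$1"))"
    else
        echo "$1: no changelog entry mentions $2; run 'yum clean all', then update"
        return 1
    fi
}

# Usage: sh check_cve.sh nss CVE-2021-43527
if [ "$#" -ge 2 ]; then
    check_installed "$1" "$2"
fi
```

A changelog match shows that the installed build carries the backported fix, which a bare upstream version comparison would not.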