missing arm64 packages fixing nss (CVE-2021-43527)

Support for security such as Firewalls and securing linux
Post Reply
lunatech
Posts: 2
Joined: 2022/03/08 19:45:12

missing arm64 packages fixing nss (CVE-2021-43527)

Post by lunatech » 2022/03/08 19:53:04

I a running centos-7.9 (CentOS Linux release 7.9.2009 (AltArch))

nss had a vulnerability reported with a CVSS score of 9.8 (https://access.redhat.com/security/cve/CVE-2021-43527).

I can see that there is a x86_64 package for nss that fixes this vulnerability (nss-3.67.0-4.el7_9.x86_64)

Code: Select all

rpm -q nss --changelog |head -n 10
* Thu Nov 18 2021 Bob Relyea <rrelyea@redhat.com> - 3.67.0-4
- fix CVE-2021-43527
However, when I tried to find the updated package for aarch64, I don't see a package fixing this vulnerability for aarch64. Reading the security report seems to indicate that this affects all architectures. I can also see that amazonlinux and oracle linux have released nss packages to address this vulnerability.

Looking through the centos forums, I have not been able to figure out why this package is missing for aarch64.

Does someone know why this package with high vulnerability has not been updated for centos-7.9?

Thanks for your guidance.

hughesjr
Site Admin
Posts: 254
Joined: 2004/12/05 01:51:26
Location: Corpus Christi, Texas, USA
Contact:

Re: missing arm64 packages fixing nss (CVE-2021-43527)

Post by hughesjr » 2022/03/08 22:55:29

For whatever unknown reason, that update built on 12/4/2021 along with the other arches, but it was not released.

It has been pushed to the master server now and will be available on mirror.centos.org in 30 or so minutes.

lunatech
Posts: 2
Joined: 2022/03/08 19:45:12

Re: missing arm64 packages fixing nss (CVE-2021-43527)

Post by lunatech » 2022/03/08 23:09:59

It has been pushed to the master server now and will be available on mirror.centos.org in 30 or so minutes.
Nice, thanks!

Post Reply