A recent vulnerability regarding NSS has been found (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527). Is there any way to upgrade an Ubuntu 20.04 system to meet the minimum requirements and avoid this vulnerability? Thanks.
Asked
Active
Viewed 95 times
-1
-
Step 1: Check the CVE tracker at https://ubuntu.com/security/cve – user535733 Jan 20 '22 at 21:00
1 Answers
2
See https://ubuntu.com/security/CVE-2021-43527:
The affected packages have already been patched, and those patched packages are already in the Ubuntu repositories. You should have received them automatically around 01 December 2021 -- that's what Unattended Upgrades does.
The patched version of nss in Ubuntu 20.04 is 2:3.49.1-1ubuntu1.6
user535733
- 62,253
-
My installation returned 0.16.1-1ubuntu0.1 as the aide version. There is no change in nss (still 2:3.49.1-1ubuntu1.6) so I guess that the only way to check out if the patch is effective would be rescanning (which will take some time). – afernandezody Jan 20 '22 at 21:21
-
Re-read the corrected answer. The
aidepackage was a mistake. You are already running the patched version of nss. – user535733 Jan 20 '22 at 21:25 -
1Run
apt-get changelog libnss3. It says CVE-2021-43527 has been patched last year. – mikewhatever Jan 20 '22 at 21:26 -
The changelog seems to point to 29/11/2021 as the date that the patch was installed. I think that I got it. Thanks. – afernandezody Jan 20 '22 at 21:34