
I am using Ubuntu version "20.04.3 LTS (Focal Fossa)", where I am facing the CVE-2021-43527 (NSS) vulnerability; there is no public network on the VM. In the link it's mentioned that this vulnerability is fixed in 2:3.49.1-1ubuntu1.6. Please help me: how can I upgrade to this version, or how can I resolve the mentioned vulnerability on my VM?

Anan
  • 19
  • 1
  • 2
    Connect to internet, and run the commands sudo apt update and sudo apt dist-upgrade. That should apply all the updates. – Archisman Panigrahi Feb 02 '22 at 06:07
  • 1
    Or host a mirror or proxy in your internal network which can be accessed by your VM. – muru Feb 02 '22 at 06:13
  • 3
    Does this answer your question? Updating/patching an airgapped Ubuntu server Or https://askubuntu.com/questions/1015264/how-can-i-update-an-offline-ubuntu-machine-no-internet-at-all – muru Feb 02 '22 at 06:14
  • 1
    You've provided no link (but make reference to one); I gather it's https://ubuntu.com/security/CVE-2021-43527 – guiverc Feb 02 '22 at 06:19
  • Version 2:3.49.1-1ubuntu1.6 is the source package nss and not the package you would install. The following packages are built from the nss source: libnss3 libnss3-dev libnss3-tools. If the machine doesn't have access to the internet, you can download the packages (deb files) from here and install them using sudo apt install ./packagename.deb in the same directory as the downloaded package. – mchid Feb 02 '22 at 21:00
  • There are other security updates listed on the same page. Look for any packages that show "security" in the description if they are installed on your computer. Of course, simply downloading the packages may not work as you may encounter dependency issues. However, these are mostly libs so keep your fingers crossed there are no problems and hopefully it will work. If not, you can always download the necessary dependencies and install those and then try again. – mchid Feb 02 '22 at 21:03
  • Thanks mchid, I have downloaded the nss_3.49.1.orig(1).tar file from your mentioned link. But can you help me with how I install this tar package? – Anan Feb 04 '22 at 05:55

0 Answers
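After installing the .deb files offline as described in the comments, it is worth confirming that each binary package built from the nss source has actually reached the fixed version 2:3.49.1-1ubuntu1.6. The following is an added example, not code from any commenter or from Ubuntu: it compares Debian version strings (including the `2:` epoch) against saved `dpkg-query -W` output. The function names and the sample lines are constructed for illustration.

```python
import re

FIXED = "2:3.49.1-1ubuntu1.6"                               # fixed version, from the page
NSS_BINARIES = ("libnss3", "libnss3-dev", "libnss3-tools")  # built from source "nss"
# Constructed sample of `dpkg-query -W` output (package<TAB>version), not real data
SAMPLE = ("libnss3:amd64\t2:3.49.1-1ubuntu1.5\n"
          "libnss3-tools\t2:3.49.1-1ubuntu1.6\n"
          "openssl\t1.1.1f-1ubuntu2.10\n")

def _order(ch):
    # dpkg character order: '~' first, then end of string, letters, other symbols
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Walk both strings, alternating a non-digit run and a digit run
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa, ob = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)   # digit runs compare numerically
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def compare(a, b):
    """Return -1, 0 or 1 for Debian versions [epoch:]upstream[-revision]."""
    parsed = []
    for v in (a, b):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        parsed.append((int(epoch), upstream, rev))
    (ea, ua, ra), (eb, ub, rb) = parsed
    if ea != eb:                              # epoch outranks everything else
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(dpkg_output, fixed=FIXED):
    """Map each installed NSS binary package to True if it is at or above `fixed`."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return {r[0].split(":")[0]: compare(r[1], fixed) >= 0
            for r in rows if len(r) == 2 and r[0].split(":")[0] in NSS_BINARIES}
```

Because of the epoch, a version string without the `2:` prefix always compares lower than the fixed version, so compare the full string that dpkg reports rather than the number in a file name.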