1

We had a bug with our ssl and this bug solved with nss version 3.30.2. The problem is that current version of nss is 3.28.4 and my client see our webpage as untrusted so I show our client an easy way to update nss version update to 3.30.2 how can I do that. sudo apt-get install libnss3=2.3.30.2 I used this command but it does not find this version.

muru
  • 197,895
  • 55
  • 485
  • 740
Sefa
  • 11

1 Answers1

2

There is no Ubuntu version with 3.30.2 Regarding the versions on libnss3:

trusty (14.04LTS) (libs): Network Security Service libraries
2:3.28.4-0ubuntu0.14.04.2 [security]: amd64 i386
2:3.15.4-1ubuntu7 [ports]: arm64 armhf powerpc ppc64el

xenial (16.04LTS) (libs): Network Security Service libraries
2:3.28.4-0ubuntu0.16.04.2 [security]: amd64 i386
2:3.21-1ubuntu4 [ports]: arm64 armhf powerpc ppc64el s390x

zesty (libs): Network Security Service libraries
2:3.28.4-0ubuntu0.17.04.2 [security]: amd64 i386
2:3.26.2-1ubuntu1 [ports]: arm64 armhf powerpc ppc64el s390x

artful (libs): Network Security Service libraries
2:3.28.4-0ubuntu2: amd64 arm64 armhf i386 ppc64el s390x

Even the yet to release 17.10 has 3.28.

The latest CVE-2017-7502 ("Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.") on this package has been solved and is released as part of released (2:3.28.4-0ubuntu2) on 2017-06-19.

So I would assume that your bug is either still outstanding or was put in 2:3.28.4 and solved.

Regarding other bugs on NSS:

nss
CVE             Artful    Precise/e Trusty    Vivid Xenial      Yakkety     Zesty
CVE-2016-2183   released    needed  released    --  released    released    released
CVE-2017-5461   released    needed  released    --  released    released    released
CVE-2017-5462   released    needed  released    --  released    released    released
CVE-2017-7502   released    needed  released    --  released    released    released
  • ALL have a "fix released" on the versions that matter.
  • As far as I can tell you need version "2:3.28.4-0ubuntu0".

There is a listing for NSS 3.30 for Debian though. So there is a way to install it, though not recommended.

  • [2017-06-23] nss 2:3.31-1 MIGRATED to testing (Britney)
  • [2017-05-19] Accepted 2:3.30.2-1 in experimental (medium) (Mike Hommey)

So you could download the version from Debian and use dpkg to install it on your machine.

  • Mind that the 3.30 version in Debian is experimental
  • It is not the normal method to install a newer version.
  • This might come to bite you in the future.

But if it works all the better.

Rinzwind
  • 299,756