Join Log in
Score:-1
afernandezody avatar Ubuntu

Vulnerability with NSS

us flag
afernandezody

A recent vulnerability regarding NSS has been found (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527). Is there any way to upgrade an Ubuntu 20.04 system to meet the minimum requirements and avoid this vulnerability? Thanks.

38
0 + 0
user535733 avatar
cn flag
user535733
Step 1: Check the CVE tracker at https://ubuntu.com/security/cve
0
Reply
Score:2
user535733 avatar Ubuntu
cn flag
user535733

See https://ubuntu.com/security/CVE-2021-43527:

The affected packages have already been patched, and those patched packages are already in the Ubuntu repositories. You should have received them automatically around 01 December 2021 -- that's what Unattended Upgrades does.

The patched version of nss in Ubuntu 20.04 is 2:3.49.1-1ubuntu1.6

0 + 0
afernandezody avatar
us flag
afernandezody
My installation returned 0.16.1-1ubuntu0.1 as the aide version. There is no change in nss (still 2:3.49.1-1ubuntu1.6) so I guess that the only way to check out if the patch is effective would be rescanning (which will take some time).
0
Reply
user535733 avatar
cn flag
user535733
Re-read the corrected answer. The `aide` package was a mistake. You are already running the patched version of nss.
0
Reply
hu flag
mikewhatever
Run `apt-get changelog libnss3`. It says CVE-2021-43527 has been patched last year.
1
Reply
afernandezody avatar
us flag
afernandezody
The changelog seems to point to 29/11/2021 as the date that the patch was installed. I think that I got it. Thanks.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.