Comment 2 for bug 1957929

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/825375
Committed: https://opendev.org/starlingx/tools/commit/4840fc1bda693acec52e89a7cbb6d162bd226709
Submitter: "Zuul (22348)"
Branch: master

commit 4840fc1bda693acec52e89a7cbb6d162bd226709
Author: Joe Slater <email address hidden>
Date: Tue Jan 18 14:16:18 2022 -0500

    nss: fix CVE-2021-43527

    nss is vulnerable to a heap overflow when handling DER-encoded
    DSA or RSA-PSS signatures. We update nss packages and nspr to
    the latest centos7 versions.

    *** Testing ***
    To be sure we will work with existing databases, before updating,
    create a database.

    $ mkdir arf
    $ echo "Pword22*" > arf/pass
    $ certutil -N -d arf -f arf/pass
    $ certutil -G -d arf -f arf/pass # put a key pair in the database

    Save the arf directory. Install an iso with the updated nss packages.
    Import arf. Then...

    $ certutil -K -d arf -f arf/pass # display the keyID
    $ certutil -G -d arf -f arf/pass # add a key
    $ certutil -K -d arf -f arf/pass # display both keyIDs
    ***

    Closes-bug: 1957929
    Change-Id: I960e42d1e361dace4443d6a052fe06206c6675dd
    Signed-off-by: Joe Slater <email address hidden>
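
The test procedure in the commit message can be turned into a mechanical check that every key ID present before the nss update is still listed afterwards. This is an added example, not part of the commit or the StarlingX tools repository; it assumes a `certutil -K` listing was also captured before updating, and that key lines have the shape `< 0> rsa <40 hex digits> <nickname>`. The function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare `certutil -K` listings from before and after the update.
# Assumed key line shape: "< 0> rsa      <40 hex digits>   <nickname>".

# Constructed sample listings (not real key IDs).
SAMPLE_BEFORE='certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      1111111111111111111111111111111111111111   (orphan)'
SAMPLE_AFTER='certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      1111111111111111111111111111111111111111   (orphan)
< 1> rsa      2222222222222222222222222222222222222222   (orphan)'

# key_ids: read a `certutil -K` listing on stdin, print its key IDs, sorted.
# Header lines and anything that is not a key line are ignored.
key_ids() {
    sed -n 's/^<[ 0-9]*> *[a-z]* *\([0-9a-f]\{40\}\).*/\1/p' | sort -u
}

# missing_keys BEFORE AFTER: print key IDs listed in BEFORE but absent from
# AFTER. Empty output means every pre-update key is still in the database.
missing_keys() {
    before_ids=$(printf '%s\n' "$1" | key_ids)
    after_ids=$(printf '%s\n' "$2" | key_ids)
    for id in $before_ids; do
        printf '%s\n' "$after_ids" | grep -qx "$id" || printf '%s\n' "$id"
    done
}

# Typical use, with before.txt saved ahead of the update:
#   lost=$(missing_keys "$(cat before.txt)" "$(certutil -K -d arf -f arf/pass)")
#   [ -z "$lost" ] || { echo "keys lost after update: $lost" >&2; exit 1; }
```
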