commit 4840fc1bda693acec52e89a7cbb6d162bd226709
Author: Joe Slater <email address hidden>
Date: Tue Jan 18 14:16:18 2022 -0500
nss: fix CVE-2021-43527
nss is vulnerable to a heap overflow when handling DER-encoded
DSA or RSA-PSS signatures. We update nss packages and nspr to
the latest centos7 versions.
*** Testing ***
To be sure we will work with existing databases, before updating,
create a database.
$ mkdir arf
$ echo "Pword22*" > arf/pass.
$ certutil -N -d arf -f arf/pass
$ certutil -G -d arf -f arf/pass # put a key pair in the database
Save the arf directory. Install an iso with the updated nss packages.
Import arf. Then...
Reviewed: https:/ /review. opendev. org/c/starlingx /tools/ +/825375 /opendev. org/starlingx/ tools/commit/ 4840fc1bda693ac ec52e89a7cbb6d1 62bd226709
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 4840fc1bda693ac ec52e89a7cbb6d1 62bd226709
Author: Joe Slater <email address hidden>
Date: Tue Jan 18 14:16:18 2022 -0500
nss: fix CVE-2021-43527
nss is vulnerable to a heap overflow when handling DER-encoded
DSA or RSA-PSS signatures. We update nss packages and nspr to
the latest centos7 versions.
*** Testing ***
To be sure we will work with existing databases, before updating,
create a database.
$ mkdir arf
$ echo "Pword22*" > arf/pass.
$ certutil -N -d arf -f arf/pass
$ certutil -G -d arf -f arf/pass # put a key pair in the database
Save the arf directory. Install an iso with the updated nss packages.
Import arf. Then...
$ certutil -K -d arf -f arf/pass # display the keyID
$ certutil -G -d arf -f arf/pass # add a key
$ certutil -K -d arf -f arf/pass # display both keyID's
***
Closes-bug: 1957929 ce4443d6a052fe0 6206c6675dd
Change-Id: I960e42d1e361da
Signed-off-by: Joe Slater <email address hidden>