nss: fix CVE-2021-43527

nss is vulnerable to a heap overflow when handling DER-encoded
DSA or RSA-PSS signatures.  We update nss packages and nspr to
the latest centos7 versions.

*** Testing ***
To be sure we will work with existing databases, before updating,
create a database.

$ mkdir arf
$ echo "Pword22*" > arf/pass.
$ certutil -N -d arf -f arf/pass
$ certutil -G -d arf -f arf/pass   # put a key pair in the database

Save the arf directory.  Install an iso with the updated nss packages.
Import arf.  Then...

$ certutil -K -d arf -f arf/pass   # display the keyID
$ certutil -G -d arf -f arf/pass   # add a key
$ certutil -K -d arf -f arf/pass   # display both keyID's
***

Closes-bug: 1957929
Change-Id: I960e42d1e361dace4443d6a052fe06206c6675dd
Signed-off-by: Joe Slater <joe.slater@windriver.com>
This commit is contained in:
Joe Slater 2022-01-18 14:16:18 -05:00
parent d07b53efbc
commit 4840fc1bda
8 changed files with 41 additions and 41 deletions

View File

@ -179,15 +179,15 @@ ncurses-devel-5.9-14.20130511.el7_4.x86_64.rpm
# ncurses-libs-5.9-14.20130511.el7_4.x86_64.rpm provided by mock
neon-0.30.0-3.el7.x86_64.rpm
nettle-2.7.1-8.el7.x86_64.rpm
# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock
nss-devel-3.53.1-3.el7_9.x86_64.rpm
# nspr-4.32.0-1.el7_9.x86_64.rpm provided by mock
nspr-devel-4.32.0-1.el7_9.x86_64.rpm
# nss-3.67.0-4.el7_9.x86_64.rpm provided by mock
nss-devel-3.67.0-4.el7_9.x86_64.rpm
# nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock
# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
# nss-sysinit-3.67.0-4.el7_9.x86_64.rpm provided by mock
# nss-tools-3.67.0-4.el7_9.x86_64.rpm provided by mock
# nss-util-3.67.0-1.el7_9.x86_64.rpm provided by mock
nss-util-devel-3.67.0-1.el7_9.x86_64.rpm
openssh-7.4p1-21.el7.x86_64.rpm
openssh-clients-7.4p1-21.el7.x86_64.rpm
openssl-devel-1.0.2k-16.el7.x86_64.rpm

View File

@ -22,10 +22,10 @@ mesa-libgbm-18.0.5-3.el7.x86_64.rpm
mesa-libGL-18.0.5-3.el7.x86_64.rpm
mesa-libglapi-18.0.5-3.el7.x86_64.rpm
mesa-libGL-devel-18.0.5-3.el7.x86_64.rpm
# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.67.0-3.el7_9.x86_64.rpm
# nss-softokn-freebl-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.67.0-3.el7_9.x86_64.rpm
# openldap-2.4.44-20.el7.x86_64.rpm provided by mock
# systemd-219-78.el7_9.3.x86_64.rpm provided by mock
# systemd-devel-219-78.el7_9.3.x86_64.rpm provided by mock

View File

@ -597,15 +597,15 @@ newt-0.52.15-4.el7.x86_64.rpm
newt-devel-0.52.15-4.el7.x86_64.rpm
nfs-utils-1.3.0-0.61.el7.x86_64.rpm
nmap-ncat-6.40-16.el7.x86_64.rpm
# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock
nspr-devel-4.25.0-2.el7_9.x86_64.rpm
# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock
nss-devel-3.53.1-3.el7_9.x86_64.rpm
# nspr-4.32.0-1.el7_9.x86_64.rpm provided by mock
nspr-devel-4.32.0-1.el7_9.x86_64.rpm
# nss-3.67.0-4.el7_9.x86_64.rpm provided by mock
nss-devel-3.67.0-4.el7_9.x86_64.rpm
# nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock
# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
# nss-sysinit-3.67.0-4.el7_9.x86_64.rpm provided by mock
# nss-tools-3.67.0-4.el7_9.x86_64.rpm provided by mock
# nss-util-3.67.0-1.el7_9.x86_64.rpm provided by mock
nss-util-devel-3.67.0-1.el7_9.x86_64.rpm
numactl-devel-2.0.9-7.el7.x86_64.rpm
numactl-libs-2.0.9-7.el7.x86_64.rpm
nvme-cli-1.8.1-3.el7.x86_64.rpm

View File

@ -52,10 +52,10 @@ mesa-libglapi-18.0.5-3.el7.x86_64.rpm
mesa-libGL-devel-18.0.5-3.el7.x86_64.rpm
NetworkManager-glib-1.12.0-8.el7_6.x86_64.rpm
NetworkManager-glib-devel-1.12.0-8.el7_6.x86_64.rpm
# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.67.0-3.el7_9.x86_64.rpm
# nss-softokn-freebl-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.67.0-3.el7_9.x86_64.rpm
# openldap-2.4.44-20.el7.x86_64.rpm provided by mock
policycoreutils-2.5-29.el7.x86_64.rpm
policycoreutils-devel-2.5-29.el7.x86_64.rpm

View File

@ -597,15 +597,15 @@ ndctl-libs-65-5.el7.x86_64.rpm
nfs-utils-1.3.0-0.61.el7.x86_64.rpm
nmap-ncat-6.40-16.el7.x86_64.rpm
nscd-2.17-323.el7_9.x86_64.rpm
# nspr-4.25.0-2.el7_9.x86_64.rpm provided by mock
# nss-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nspr-4.32.0-1.el7_9.x86_64.rpm provided by mock
# nss-3.67.0-4.el7_9.x86_64.rpm provided by mock
nss_compat_ossl-0.9.6-8.el7.x86_64.rpm
nss-pam-ldapd-0.8.13-16.el7.x86_64.rpm
# nss-pem-1.0.3-5.el7.x86_64.rpm provided by mock
# nss-sysinit-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nss-tools-3.53.1-3.el7_9.x86_64.rpm provided by mock
# nss-util-3.53.1-1.el7_9.x86_64.rpm provided by mock
nss-util-devel-3.53.1-1.el7_9.x86_64.rpm
# nss-sysinit-3.67.0-4.el7_9.x86_64.rpm provided by mock
# nss-tools-3.67.0-4.el7_9.x86_64.rpm provided by mock
# nss-util-3.67.0-1.el7_9.x86_64.rpm provided by mock
nss-util-devel-3.67.0-1.el7_9.x86_64.rpm
numactl-devel-2.0.9-7.el7.x86_64.rpm
numactl-libs-2.0.9-7.el7.x86_64.rpm
nvme-cli-1.8.1-3.el7.x86_64.rpm

View File

@ -43,10 +43,10 @@ libtevent-0.9.39-1.el7.x86_64.rpm
libwbclient-4.10.16-5.el7.x86_64.rpm
lvm2-2.02.177-4.el7.x86_64.rpm
lvm2-libs-2.02.177-4.el7.x86_64.rpm
# nss-softokn-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm
# nss-softokn-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-devel-3.67.0-3.el7_9.x86_64.rpm
# nss-softokn-freebl-3.67.0-3.el7_9.x86_64.rpm provided by mock
nss-softokn-freebl-devel-3.67.0-3.el7_9.x86_64.rpm
ntfs-3g-2017.3.23-11.el7.x86_64.rpm
ntfs-3g-devel-2017.3.23-11.el7.x86_64.rpm
ntfsprogs-2017.3.23-11.el7.x86_64.rpm

View File

@ -95,12 +95,12 @@ mpfr-3.1.1-4.el7.x86_64.rpm
ncurses-5.9-14.20130511.el7_4.x86_64.rpm
ncurses-base-5.9-14.20130511.el7_4.noarch.rpm
ncurses-libs-5.9-14.20130511.el7_4.x86_64.rpm
nspr-4.25.0-2.el7_9.x86_64.rpm
nss-3.53.1-3.el7_9.x86_64.rpm
nspr-4.32.0-1.el7_9.x86_64.rpm
nss-3.67.0-4.el7_9.x86_64.rpm
nss-pem-1.0.3-5.el7.x86_64.rpm
nss-sysinit-3.53.1-3.el7_9.x86_64.rpm
nss-tools-3.53.1-3.el7_9.x86_64.rpm
nss-util-3.53.1-1.el7_9.x86_64.rpm
nss-sysinit-3.67.0-4.el7_9.x86_64.rpm
nss-tools-3.67.0-4.el7_9.x86_64.rpm
nss-util-3.67.0-1.el7_9.x86_64.rpm
openldap-2.4.44-20.el7.x86_64.rpm
openssl-libs-1.0.2k-16.el7.x86_64.rpm
p11-kit-0.23.5-3.el7.x86_64.rpm

View File

@ -9,8 +9,8 @@ ima-evm-utils-1.1-2.el7.x86_64.rpm
libblkid-2.23.2-59.el7.x86_64.rpm
libcom_err-1.42.9-13.el7.x86_64.rpm
libsemanage-2.5-14.el7.x86_64.rpm
nss-softokn-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm
nss-softokn-3.67.0-3.el7_9.x86_64.rpm
nss-softokn-freebl-3.67.0-3.el7_9.x86_64.rpm
systemd-219-78.el7_9.3.x86_64.rpm
systemd-devel-219-78.el7_9.3.x86_64.rpm
systemd-libs-219-78.el7_9.3.x86_64.rpm