AnswerBun.com

How can I install nspr 4.25 on CentOS 7?

Server Fault Asked by DrTeeth on December 18, 2020

I’m trying to resolve a security vulnerability – specifically https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006. The general solution is to update these packages:

  • nspr-0:4.21.0-1.el7
  • nss-0:3.44.0-7.el7_7
  • nss-softokn-0:3.44.0-8.el7_7
  • nss-softokn-freebl-0:3.44.0-8.el7_7
  • nss-sysinit-0:3.44.0-7.el7_7
  • nss-tools-0:3.44.0-7.el7_7
  • nss-util-0:3.44.0-4.el7_7

So I tried the standard yum update, but that seems to think that 4.21 is the latest version of nspr, and that’s already installed. The vulnerability wasn’t fixed until 4.25. I tried Googling around, and at least from the official CentOS sites I found, they also believe 4.21 to be the latest version.

However – rpmfind.net lists both 4.25 and 4.29 versions, e.g. http://fr2.rpmfind.net/linux/RPM/centos/updates/7.9.2009/x86_64/Packages/nspr-4.25.0-2.el7_9.x86_64.html

It seems dicey to me to start resolving security vulnerabilities with rpmfind.net. I don’t see how these are signed by official CentOS (or RHEL) authors, so are these safe to just use as-is? Is there a way to validate the author / package release?

What is the "right" way to resolve a vulnerability like this when the OS vendor hasn’t released a fix through the package manager?

One Answer

The updates you are looking for were released in RHEL 7.9, but CentOS (which is based on RHEL) has not yet updated to 7.9.

If you need early access to it, you can get packages for the next minor CentOS 7 release in the cr repo.

[[email protected] ~]# yum --enablerepo=cr update nspr nss
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.mirror.vexxhost.com
 * extras: centos.mirror.vexxhost.com
 * updates: centos.mirror.vexxhost.com
Resolving Dependencies
--> Running transaction check
---> Package nspr.x86_64 0:4.21.0-1.el7 will be updated
---> Package nspr.x86_64 0:4.25.0-2.el7_9 will be an update
---> Package nss.x86_64 0:3.44.0-7.el7_7 will be updated
--> Processing Dependency: nss = 3.44.0-7.el7_7 for package: nss-sysinit-3.44.0-7.el7_7.x86_64
--> Processing Dependency: nss(x86-64) = 3.44.0-7.el7_7 for package: nss-tools-3.44.0-7.el7_7.x86_64
---> Package nss.x86_64 0:3.53.1-3.el7_9 will be an update
--> Processing Dependency: nss-util >= 3.53.1-1 for package: nss-3.53.1-3.el7_9.x86_64
--> Processing Dependency: nss-softokn(x86-64) >= 3.53.1-2 for package: nss-3.53.1-3.el7_9.x86_64
--> Running transaction check
---> Package nss-softokn.x86_64 0:3.44.0-8.el7_7 will be updated
---> Package nss-softokn.x86_64 0:3.53.1-6.el7_9 will be an update
--> Processing Dependency: nss-softokn-freebl(x86-64) >= 3.53.1-6.el7_9 for package: nss-softokn-3.53.1-6.el7_9.x86_64
---> Package nss-sysinit.x86_64 0:3.44.0-7.el7_7 will be updated
---> Package nss-sysinit.x86_64 0:3.53.1-3.el7_9 will be an update
---> Package nss-tools.x86_64 0:3.44.0-7.el7_7 will be updated
---> Package nss-tools.x86_64 0:3.53.1-3.el7_9 will be an update
---> Package nss-util.x86_64 0:3.44.0-4.el7_7 will be updated
---> Package nss-util.x86_64 0:3.53.1-1.el7_9 will be an update
--> Running transaction check
---> Package nss-softokn-freebl.x86_64 0:3.44.0-8.el7_7 will be updated
---> Package nss-softokn-freebl.x86_64 0:3.53.1-6.el7_9 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                   Arch          Version                Repository
                                                                           Size
================================================================================
Updating:
 nspr                      x86_64        4.25.0-2.el7_9         cr        127 k
 nss                       x86_64        3.53.1-3.el7_9         cr        869 k
Updating for dependencies:
 nss-softokn               x86_64        3.53.1-6.el7_9         cr        354 k
 nss-softokn-freebl        x86_64        3.53.1-6.el7_9         cr        322 k
 nss-sysinit               x86_64        3.53.1-3.el7_9         cr         65 k
 nss-tools                 x86_64        3.53.1-3.el7_9         cr        535 k
 nss-util                  x86_64        3.53.1-1.el7_9         cr         79 k

Transaction Summary
================================================================================
Upgrade  2 Packages (+5 Dependent packages)

Total download size: 2.3 M
Is this ok [y/d/N]: 

Correct answer by Michael Hampton on December 18, 2020
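
The following is an added example, not part of the answer above: a post-update audit that checks each NSS/NSPR package against the fixed versions from the yum transaction and against the key that signed it, which also addresses the question's concern about validating package origin. The function names, the input format and the CentOS 7 signing key ID are assumptions of this example; confirm the key ID on your own host as described in the comments.

```shell
#!/usr/bin/env bash
# Added example: audit the NSS/NSPR packages after updating from the cr repo.
# On the host, produce the input with:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{SIGPGP:pgpsig}\n' | awk '{print $1, $2, $NF}'
# Assumption: CentOS 7 signing key ID; confirm it on your host with
#   gpg --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
TRUSTED_KEY=24c6a8a7f4a80eb5

# Minimum fixed versions, copied from the yum transaction in the answer.
min_version() {
  case "$1" in
    nspr)                           echo 4.25.0-2.el7_9 ;;
    nss|nss-sysinit|nss-tools)      echo 3.53.1-3.el7_9 ;;
    nss-softokn|nss-softokn-freebl) echo 3.53.1-6.el7_9 ;;
    nss-util)                       echo 3.53.1-1.el7_9 ;;
    *) return 1 ;;
  esac
}

# True when version-release $1 is at or above $2. GNU sort -V approximates
# rpm's ordering, which is sufficient for these el7 version strings.
ver_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Reads "<name> <version-release> <key id>" lines on stdin; $1 is the trusted
# key ID. Prints one line per finding and returns the number of findings.
audit_nss() {
  trusted=$1 findings=0
  while read -r name vr keyid; do
    min=$(min_version "$name") || continue   # not one of the listed packages
    if ! ver_ge "$vr" "$min"; then
      echo "OUTDATED $name $vr (need >= $min)"; findings=$((findings + 1))
    fi
    if [ "$keyid" != "$trusted" ]; then
      echo "UNTRUSTED-SIGNATURE $name $vr (key: $keyid)"; findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Constructed sample: a half-updated host with one unsigned package.
sample_lines() {
  printf '%s\n' \
    "nspr 4.25.0-2.el7_9 $TRUSTED_KEY" \
    "nss 3.44.0-7.el7_7 $TRUSTED_KEY" \
    "nss-util 3.53.1-1.el7_9 (none)" \
    "bash 4.2.46-34.el7 $TRUSTED_KEY"
}

sample_lines | audit_nss "$TRUSTED_KEY" || echo "findings: $?"
```

A package downloaded by hand can be checked the same way before installation with `rpm -K <file>.rpm`, which only reports a good signature for keys already imported into the rpm database.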
