The nss packages for aarch64 are now available https://forums.centos.org/viewtopic.php?f=51&t=78830&p=331279 On Sat, March 5, 2022 1:10 am, Raj Shekhar wrote: > Hi > > I a running centos-7.9 (CentOS Linux release 7.9.2009 (AltArch)) > > nss had a vulnerability reported with a CVSS score of 9.8 > (https://access.redhat.com/security/cve/CVE-2021-43527). > > I can see that there is a x86_64 package for nss that fixes this > vulnerability (nss-3.67.0-4.el7_9.x86_64) > > rpm -q nss --changelog |head -n 10 > * Thu Nov 18 2021 Bob Relyea <rrelyea at redhat.com> - 3.67.0-4 > - fix CVE-2021-43527 > > However, when I tried to find the updated package for aarch64, I don't see > a package fixing this vulnerability for aarch64. Reading the security > report seems to indicate that this affects all architectures. I can also > see that amazonlinux and oracle linux have released nss packages to > address this vulnerability. > > Looking through the centos forums, I have not been able to figure out why > this package is missing for aarch64. Does someone know why this package > with high vulnerability has not been updated for centos-7.9? > > Thanks for your guidance. > > > > -- > Raj Shekhar > > _______________________________________________ > Arm-dev mailing list > Arm-dev at centos.org > https://lists.centos.org/mailman/listinfo/arm-dev > -- Raj Shekhar