Nss Bug


The Problem:

There is an issue on CloudLinux 6.8 and CentOS 6.8 servers with the nss package version 3.21.0-8. In general, you will see one of the following crashes, either:
curl https://google.com > /dev/null
Illegal instruction (core dumped)

or
rhn_check
Illegal instruction (core dumped)

In both cases, the advised fix is to downgrade the nss packages to version 3.21.0-0.3.
The instructions differ between CloudLinux and CentOS.
 

CloudLinux

The older package is still in CloudLinux’s repositories, so this is easy. Run the following command and check that the version you are downgrading to is 3.21.0-0.3
NSS_DISABLE_HW_GCM=1 yum downgrade nss nss-util nss-tools nss-sysinit
Then open the yum configuration file
vim /etc/yum.conf
and add nss* to the end of the exclude= line, like so:

exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail* nss*

Then, check your work with the following command
curl https://google.com > /dev/null

 

CentOS

CentOS is a bit more difficult, since everything just upgraded to CentOS 6.8 and the older package is not in the system repositories.

Create the file
touch /etc/yum.repos.d/nss-fix.repo
with the following contents:
[nss-fix]
name=repository used solely to fix nss
baseurl=http://vault.centos.org/6.7/updates/x86_64/
enabled=0
includepkgs=nss*
#gpgcheck=1
priority=3

Then, run the following command and check that the version you are downgrading to is 3.21.0-0.3
yum --enablerepo=nss-fix downgrade nss nss-sysinit nss-util nss-tools
Next, open the yum configuration file

vim /etc/yum.conf

and add nss* to the end of the exclude= line, like so:

exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail* nss*

Check your work with the following command
curl https://google.com > /dev/null
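
The version check and the exclude= edit from both procedures above, as an added shell example that is not part of the original article. The function names and the sample file are constructed for illustration, and the script works on a temporary file rather than /etc/yum.conf.

```bash
#!/bin/sh
# Added example; function names and sample data are constructed.

# Return 0 when a VERSION-RELEASE string is the affected nss build 3.21.0-8.
# rpm's RELEASE may carry a dist suffix after the 8, so accept "3.21.0-8.<anything>".
nss_is_affected() {
    case "$1" in
        3.21.0-8|3.21.0-8.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Add nss* to the exclude= line of a yum.conf-style file; safe to run twice.
add_nss_exclude() {
    conf="$1"
    if grep -Eq '^exclude=(.* )?nss\*( |$)' "$conf"; then
        return 0                                # nss* already listed
    fi
    if grep -q '^exclude=' "$conf"; then
        tmp=$(mktemp)
        # Append to the existing list, dropping any trailing whitespace first.
        sed '/^exclude=/ s/[[:space:]]*$/ nss*/' "$conf" > "$tmp"
        cat "$tmp" > "$conf"                    # keeps the file's owner and mode
        rm -f "$tmp"
    else
        # No exclude= yet: assumes the file ends inside its [main] section.
        printf 'exclude=nss*\n' >> "$conf"
    fi
}

# Constructed sample standing in for /etc/yum.conf.
sample=$(mktemp)
printf '[main]\ngpgcheck=1\nexclude=courier* dovecot* exim*\n' > "$sample"
add_nss_exclude "$sample"
add_nss_exclude "$sample"                       # second call changes nothing
grep '^exclude=' "$sample"

# On a real host the version string would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' nss
for v in 3.21.0-8 3.21.0-0.3; do
    if nss_is_affected "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
```

While nss* is listed in exclude=, yum skips every later nss update as well, so remove the entry when you want nss updates again.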
