Amazon Linux 1 Security Advisory: ALAS-2011-3
Advisory Release Date: 2011-10-10 22:31 Pacific
Advisory Updated Date: 2014-09-14 14:25 Pacific
Severity:
Medium
Issue Overview:
This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI).
It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, rendering any HTTPS certificates signed by that CA as untrusted.
All users should upgrade to this updated package. After installing the update, all applications using the ca-certificates package must be restarted for the changes to take effect.
Affected Packages:
ca-certificates
Issue Correction:
Run yum update ca-certificates to update your system.
New Packages:
noarch:
ca-certificates-2010.63-3.7.amzn1.noarch
src:
ca-certificates-2010.63-3.7.amzn1.src