ALAS-2014-274

Amazon Linux 1 Security Advisory: ALAS-2014-274
Advisory Release Date: 2014-01-14 15:56 Pacific
Advisory Updated Date: 2014-09-16 22:17 Pacific

Severity: Medium

References: RHSA-2013-1861
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted.

Affected Packages:

nss

Issue Correction:
Run yum update nss to update your system.

New Packages:

i686:
    nss-tools-3.15.3-3.32.amzn1.i686
    nss-debuginfo-3.15.3-3.32.amzn1.i686
    nss-sysinit-3.15.3-3.32.amzn1.i686
    nss-devel-3.15.3-3.32.amzn1.i686
    nss-pkcs11-devel-3.15.3-3.32.amzn1.i686
    nss-3.15.3-3.32.amzn1.i686

src:
    nss-3.15.3-3.32.amzn1.src

x86_64:
    nss-tools-3.15.3-3.32.amzn1.x86_64
    nss-devel-3.15.3-3.32.amzn1.x86_64
    nss-pkcs11-devel-3.15.3-3.32.amzn1.x86_64
    nss-3.15.3-3.32.amzn1.x86_64
    nss-sysinit-3.15.3-3.32.amzn1.x86_64
    nss-debuginfo-3.15.3-3.32.amzn1.x86_64

Additional References

Red Hat:

Mitre: