ALAS-2014-281

Amazon Linux 1 Security Advisory: ALAS-2014-281
Advisory Release Date: 2014-01-15 11:58 Pacific
Advisory Updated Date: 2014-09-16 22:20 Pacific

Severity: Medium

References: RHSA-2013-1866
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted.

Affected Packages:

ca-certificates

Issue Correction:
Run yum update ca-certificates to update your system.

New Packages:

noarch:
    ca-certificates-2012.1.95-3.12.amzn1.noarch

src:
    ca-certificates-2012.1.95-3.12.amzn1.src

Additional References

Red Hat:

Mitre: