Amazon Linux 2 Security Advisory: ALAS-2019-1139
Advisory Release Date: 2019-01-07 21:51 Pacific
Advisory Updated Date: 2019-01-09 00:54 Pacific
Severity:
Medium
References:
CVE-2018-1000007
CVE-2018-1000120
CVE-2018-1000121
CVE-2018-1000122
CVE-2018-1000301
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
The nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module. This update contains fixes related to CURL security updates, specifically updating an object ID when reusing a certificate
Affected Packages:
nss-pem
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update nss-pem to update your system.
New Packages:
aarch64:
nss-pem-1.0.3-5.amzn2.aarch64
nss-pem-debuginfo-1.0.3-5.amzn2.aarch64
i686:
nss-pem-1.0.3-5.amzn2.i686
nss-pem-debuginfo-1.0.3-5.amzn2.i686
src:
nss-pem-1.0.3-5.amzn2.src
x86_64:
nss-pem-1.0.3-5.amzn2.x86_64
nss-pem-debuginfo-1.0.3-5.amzn2.x86_64