Amazon Linux 1 Security Advisory: ALAS-2011-21
Advisory Release Date: 2011-11-19 01:21 Pacific
Advisory Updated Date: 2014-09-14 14:43 Pacific
It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority (CA) issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com.
Affected Packages:
nss
Issue Correction:
Run yum update nss to update your system.
i686:
nss-debuginfo-3.12.10-2.23.amzn1.i686
nss-sysinit-3.12.10-2.23.amzn1.i686
nss-3.12.10-2.23.amzn1.i686
nss-tools-3.12.10-2.23.amzn1.i686
nss-devel-3.12.10-2.23.amzn1.i686
nss-pkcs11-devel-3.12.10-2.23.amzn1.i686
src:
nss-3.12.10-2.23.amzn1.src
x86_64:
nss-tools-3.12.10-2.23.amzn1.x86_64
nss-sysinit-3.12.10-2.23.amzn1.x86_64
nss-pkcs11-devel-3.12.10-2.23.amzn1.x86_64
nss-debuginfo-3.12.10-2.23.amzn1.x86_64
nss-3.12.10-2.23.amzn1.x86_64
nss-devel-3.12.10-2.23.amzn1.x86_64