ALAS-2014-274


Amazon Linux AMI Security Advisory: ALAS-2014-274
Advisory Release Date: 2014-09-16 22:17 Pacific
Severity: Medium
References: RHSA-2013-1861 

Issue Overview:

It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted.


Affected Packages:

nss


Issue Correction:
Run yum update nss to update your system.

New Packages:
i686:
    nss-tools-3.15.3-3.32.amzn1.i686
    nss-debuginfo-3.15.3-3.32.amzn1.i686
    nss-sysinit-3.15.3-3.32.amzn1.i686
    nss-devel-3.15.3-3.32.amzn1.i686
    nss-pkcs11-devel-3.15.3-3.32.amzn1.i686
    nss-3.15.3-3.32.amzn1.i686

src:
    nss-3.15.3-3.32.amzn1.src

x86_64:
    nss-tools-3.15.3-3.32.amzn1.x86_64
    nss-devel-3.15.3-3.32.amzn1.x86_64
    nss-pkcs11-devel-3.15.3-3.32.amzn1.x86_64
    nss-3.15.3-3.32.amzn1.x86_64
    nss-sysinit-3.15.3-3.32.amzn1.x86_64
    nss-debuginfo-3.15.3-3.32.amzn1.x86_64