Amazon Linux 1 Security Advisory: ALAS-2014-274
Advisory Release Date: 2014-01-14 15:56 Pacific
Advisory Updated Date: 2014-09-16 22:17 Pacific
It was found that a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted.
Affected Packages:
nss
Issue Correction:
Run yum update nss to update your system.
i686:
nss-tools-3.15.3-3.32.amzn1.i686
nss-debuginfo-3.15.3-3.32.amzn1.i686
nss-sysinit-3.15.3-3.32.amzn1.i686
nss-devel-3.15.3-3.32.amzn1.i686
nss-pkcs11-devel-3.15.3-3.32.amzn1.i686
nss-3.15.3-3.32.amzn1.i686
src:
nss-3.15.3-3.32.amzn1.src
x86_64:
nss-tools-3.15.3-3.32.amzn1.x86_64
nss-devel-3.15.3-3.32.amzn1.x86_64
nss-pkcs11-devel-3.15.3-3.32.amzn1.x86_64
nss-3.15.3-3.32.amzn1.x86_64
nss-sysinit-3.15.3-3.32.amzn1.x86_64
nss-debuginfo-3.15.3-3.32.amzn1.x86_64