ALAS-2016-650


Amazon Linux AMI Security Advisory: ALAS-2016-650
Advisory Release Date: 2016-02-09 13:30 Pacific
Severity: Medium
References: CVE-2015-5244 

Issue Overview:

It was found that the parsing of the NSSCipherSuite option of mod24_nss, which accepts OpenSSL-style cipherstrings, is flawed. If the option is used to disable insecure ciphersuites using the common "!" syntax, it will actually enable those insecure ciphersuites. (CVE-2015-5244 )


Affected Packages:

mod24_nss


Issue Correction:
Run yum update mod24_nss to update your system.

New Packages:
i686:
    mod24_nss-debuginfo-1.0.12-1.21.amzn1.i686
    mod24_nss-1.0.12-1.21.amzn1.i686

src:
    mod24_nss-1.0.12-1.21.amzn1.src

x86_64:
    mod24_nss-1.0.12-1.21.amzn1.x86_64
    mod24_nss-debuginfo-1.0.12-1.21.amzn1.x86_64