Amazon Linux Local Check: ALAS-2015-564

Information

Severity

Severity

Medium

Family

Family

Amazon Linux Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.4

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

3 years ago

Summary

Amazon Linux Local Security Checks

Insight

Insight

During certificate verfification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and issue an invalid certificate.This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.The only version of OpenSSL from the Amazon Linux AMI that is impacted by this CVE is openssl-1.0.1k-10.86.amzn1, which was published as ALAS-2015-550.

Solution

Solution

Run yum update openssl to update your system. Note that you may need to run yum clean all first.

Common Vulnerabilities and Exposures (CVE)

Free Vulnerability Scanner

Mageni can help you to scan, assess and manage your vulnerabilities.

Processing. Please wait...

We care about the protection of your data. Read our Privacy Policy.