Issue Overview:
An initial fix in Amazon Linux ca-certificates package relating to CVE-2022-23491 did not properly remove root certificates from TrustCor from the root store. (CVE-2023-32803)
Affected Packages:
ca-certificates
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update ca-certificates to update your system.
New Packages:
noarch:
ca-certificates-2021.2.50-72.amzn2.0.7.noarch
src:
ca-certificates-2021.2.50-72.amzn2.0.7.src
Red Hat: CVE-2023-32803
Mitre: CVE-2023-32803
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | noarch | ca-certificates | < 2021.2.50-72.amzn2.0.7 | ca-certificates-2021.2.50-72.amzn2.0.7.noarch.rpm |