9 matches found
CLSA-2026-1773772035 Fix CVE(s): CVE-2025-23048
SECURITY UPDATE: SNI validation issue in mod_ssl - debian/patches/CVE-2025-23048.patch: update SNI validation to move the SSL compatibility check after strict SNI hostname verification in modules/ssl/ssl_engine_kernel.c. - CVE-2025-23048...
CLSA-2025-1757428404 Fix CVE(s): CVE-2025-23048
SECURITY UPDATE: access control bypass by trusted clients via TLS 1.3 session resumption - debian/patches/CVE-2025-23048.patch: update SNI validation to fix compatibility issue - CVE-2025-23048...
Improper certificate management in AWS IoT Device SDK v2
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been "overridden". TLS handshakes will thus succeed if the peer...
CVE-2021-40831
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer...
PYSEC-2021-864
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer...
CVE-2021-40831
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer...
Improper Certificate Validation
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer...
CVE-2021-40831 Missing SNI validation and inconsistent CA override function behavior within AWS IoT Device SDKs on Apple devices
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer...
CVE-2021-40831
The CVE-2021-40831 issue affects AWS IoT Device SDK v2 for Java, Python, C++ and Node.js on macOS. The product appends a user-supplied CA to the root trust store instead of overriding it, and SNI validation is not enabled when the CA is overridden. TLS handshakes may succeed if the peer is verifi...