Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2023-2224

Related Vulnerabilities: CVE-2023-37920  

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. (CVE-2023-37920)

Source

ALAS2-2023-2224

Amazon Linux 2 Security Advisory: ALAS-2023-2224
Advisory Release Date: 2023-08-31 22:28 Pacific
Advisory Updated Date: 2023-09-07 18:50 Pacific
Severity: Important
Issue Overview:

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. (CVE-2023-37920)


Affected Packages:

ca-certificates


Issue Correction:
Run yum update ca-certificates to update your system.

New Packages:
noarch:
    ca-certificates-2021.2.50-72.amzn2.0.8.noarch

src:
    ca-certificates-2021.2.50-72.amzn2.0.8.src

Additional References

Red Hat: CVE-2023-37920

Mitre: CVE-2023-37920

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started