A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450 , where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system
This update adds the checkHost option to stunnel, which verifies the host of the peer certificate subject. Certificates are accepted if no checkHost option was specified, or the host name of the peer certificate matches any of the hosts specified with checkHost.This update adds the OCSPaia option to stunnel, which enables stunnel to validate certificates with the list of OCSP responder URLs retrie ...
Due to a problem with the configuration of kernels 3.10.34-37 and 3.10.34-38 and their interaction with the authentication modules stack, the sshd daemon which is part of the openssh package will no longer allow remote logins following a restart of the sshd service.There are two permanant fixes for this issue, and we urge you to apply both. Update to openssh-server-6.2p2-7.40. Update to kernel-3.1 ...
It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com.
This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure .It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update removes that CA"s root certificate from the ca-certificates package, rendering any HTTPS certificates signed by that CA as untrusted.All users should upgrade to this update ...
It was found that a Certificate Authority issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted.