Amazon Linux 2.0.20211201.0 release notes - Amazon Linux 2

Amazon Linux 2 was updated.

Major updates

Amazon Linux 2 includes the following update.

  • Updated NSS to fix CVE-2021-43527. Network Security Services (NSS) up to and including version 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS for handling signatures that are encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications that use NSS for certificate validation or other TLS, X.509, OCSP, or CRL functionality might be impacted, depending on how they configure NSS. When verifying a DER-encoded signature, NSS decodes the signature into a fixed-size buffer and passes the buffer to the underlying PKCS #11 module. The length of the signature isn't correctly checked when processing DSA and RSA-PSS signatures. DSA and RSA-PSS signatures larger than 16,384 bits overflow the buffer in VFYContextStr. The vulnerable code is located within secvfy.c:vfy_CreateContext.
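
An added example, not NSS source and not part of the release notes: a decoder that writes a DER-encoded DSA signature into a fixed-size buffer and enforces the length bound before every copy, which is the class of check described above as missing. The function names, the r||s output layout and the 2,048-byte buffer (16,384 bits) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_SIG_BYTES (16384 / 8) /* 2048: the 16,384-bit limit quoted above */

/* Read a DER length at p[*i]; returns 0 and advances *i, or -1 on bad input. */
static int der_len(const unsigned char *p, size_t n, size_t *i, size_t *out)
{
    if (*i >= n) return -1;
    unsigned char b = p[(*i)++];
    if (b < 0x80) { *out = b; return 0; }           /* short form */
    size_t k = b & 0x7f;                            /* long form: k length bytes */
    if (k == 0 || k > 2 || n - *i < k) return -1;   /* reject lengths > 65535 */
    *out = 0;
    while (k--) *out = (*out << 8) | p[(*i)++];
    return 0;
}

/* Read one INTEGER and right-align it into dst[0..width). */
static int der_uint(const unsigned char *p, size_t n, size_t *i,
                    unsigned char *dst, size_t width)
{
    size_t len;
    if (*i >= n || p[(*i)++] != 0x02) return -1;    /* INTEGER tag */
    if (der_len(p, n, i, &len) || len == 0 || n - *i < len) return -1;
    while (len > 1 && p[*i] == 0x00) { (*i)++; len--; } /* drop sign padding */
    if (len > width) return -1;   /* bound enforced before the copy */
    memset(dst, 0, width - len);
    memcpy(dst + (width - len), p + *i, len);
    *i += len;
    return 0;
}

/* Decode SEQUENCE { INTEGER r, INTEGER s } into out as r||s, `half` bytes each.
   Returns the number of bytes written, or -1 if the input is rejected. */
int decode_dsa_sig(const unsigned char *der, size_t n,
                   unsigned char out[MAX_SIG_BYTES], size_t half)
{
    size_t i = 0, seq;
    if (half == 0 || half > MAX_SIG_BYTES / 2) return -1; /* caller-supplied size */
    if (n < 2 || der[i++] != 0x30) return -1;             /* SEQUENCE tag */
    if (der_len(der, n, &i, &seq) || seq != n - i) return -1;
    if (der_uint(der, n, &i, out, half)) return -1;
    if (der_uint(der, n, &i, out + half, half)) return -1;
    return i == n ? (int)(2 * half) : -1;
}
```

The expected width `half` is itself checked against the buffer, because a size derived from an untrusted key or parameter is as dangerous as an unchecked signature length.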

Package updates

Amazon Linux 2 includes the following packages.

  • nspr-4.32.0-1.amzn2.aarch64

  • nspr-4.32.0-1.amzn2.x86_64

  • nss-3.67.0-4.amzn2.0.1.aarch64

  • nss-3.67.0-4.amzn2.0.1.x86_64

  • nss-softokn-3.67.0-3.amzn2.aarch64

  • nss-softokn-3.67.0-3.amzn2.x86_64

  • nss-softokn-freebl-3.67.0-3.amzn2.aarch6

  • nss-softokn-freebl-3.67.0-3.amzn2.x86_64

  • nss-sysinit-3.67.0-4.amzn2.0.1.aarch64

  • nss-sysinit-3.67.0-4.amzn2.0.1.x86_64

  • nss-tools-3.67.0-4.amzn2.0.1.aarch64

  • nss-tools-3.67.0-4.amzn2.0.1.x86_64

  • nss-util-3.67.0-1.amzn2.aarch64

  • nss-util-3.67.0-1.amzn2.x86_64

  • selinux-policy-3.13.1-268.amzn2.2.2.noarch

  • selinux-policy-targeted-3.13.1-268.amzn2.2.2.noarch

Kernel updates

No kernel update.