This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
It was found that a Certificate Authority (CA) issued a subordinate CA
certificate to its customer, that could be used to issue certificates
for any name. This update renders the subordinate CA certificate as
Note: This fix only applies to applications using the NSS Builtin
Object Token. It does not render the certificates untrusted for
applications that use the NSS library, but do not use the NSS Builtin
The nspr package has been upgraded to upstream version 4.9, which
provides a number of bug fixes and enhancements over the previous
The nss-util package has been upgraded to upstream version 3.13.3,
which provides a number of bug fixes and enhancements over the
previous version. (BZ#799192)
The nss package has been upgraded to upstream version 3.13.3, which
provides numerous bug fixes and enhancements over the previous
version. In particular, SSL 2.0 is now disabled by default, support
for SHA-224 has been added, PORT_ErrorToString and PORT_ErrorToName
now return the error message and symbolic name of an NSS error code,
and NSS_GetVersion now returns the NSS version string. (BZ#744070)
See also :
Run 'yum update nss' to update your system.
Risk factor :