Amazon Linux AMI : ca-certificates (ALAS-2021-1536)

high Nessus Plugin ID 153882


The remote Amazon Linux AMI host is missing a security update.


The version of ca-certificates installed on the remote host is prior to 2018.2.22-65.1.24. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1536 advisory.

- Update of ca-certificates to version 2018.2.22-65.1.24.amzn1 addresses the expiring IdentTrust DST Root CA X3, which affected some Let's Encrypt TLS certificates. The effect of the expiring certificate would be an inability of OpenSSL to validate impacted certificates issued by Let's Encrypt. Impacted customers may have experienced connection or certificate errors when attempting to connect to certain websites or APIs that use Let's Encrypt certificates. (ALAS-2021-1536)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Run 'yum update ca-certificates' to update your system.

See Also

Plugin Details

Severity: High

ID: 153882

File Name: ala_ALAS-2021-1536.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/5/2021

Updated: 10/5/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:ca-certificates, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2021

Vulnerability Publication Date: 9/30/2021

Reference Information

ALAS: 2021-1536