Amazon Linux 2 : ca-certificates (ALAS-2021-1710)

high Nessus Plugin ID 153883


The remote Amazon Linux 2 host is missing a security update.


The version of ca-certificates installed on the remote host is prior to 2021.2.50-72. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1710 advisory.

- Update of ca-certificates to version 2021.2.50-72.amzn2.0.1 addresses the expiring IdentTrust DST Root CA X3, which affected some Let's Encrypt TLS certificates. The effect of the expiring certificate would be an inability of OpenSSL to validate impacted certificates issued by Let's Encrypt. Impacted customers may have experienced connection or certificate errors when attempting to connect to certain websites or APIs that use Let's Encrypt certificates. (ALAS2-2021-1710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Run 'yum update ca-certificates' to update your system.

See Also

Plugin Details

Severity: High

ID: 153883

File Name: al2_ALAS-2021-1710.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/5/2021

Updated: 10/5/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:ca-certificates, cpe:/o:amazon:linux:2

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2021

Vulnerability Publication Date: 9/30/2021

Reference Information

ALAS: 2021-1710