SUSE-RU-2015:0197-1: moderate: Recommended update for ca-certificates-mozilla

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Feb 2 09:04:48 MST 2015


   SUSE Recommended Update: Recommended update for ca-certificates-mozilla
______________________________________________________________________________

Announcement ID:    SUSE-RU-2015:0197-1
Rating:             moderate
References:         #888534 
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:


   The system root SSL certificates were updated to match Mozilla NSS 2.2.

   Some removed/disabled 1024 bit certificates were temporarily
   reenabled/readded, as openssl and gnutls have a different handling of
   intermediates than mozilla nss and would otherwise not recognize SSL
   certificates from commonly used sites like Amazon.

   Updated to 2.2 (bnc#888534)
   - The following CAs were added:
     + COMODO_RSA_Certification_Authority codeSigning emailProtection
       serverAuth
     + GlobalSign_ECC_Root_CA_-_R4 codeSigning emailProtection serverAuth
     + GlobalSign_ECC_Root_CA_-_R5 codeSigning emailProtection serverAuth
     + USERTrust_ECC_Certification_Authority codeSigning emailProtection
       serverAuth
     + USERTrust_RSA_Certification_Authority codeSigning emailProtection
       serverAuth
     + VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
   - The following CAs were changed:
     + Equifax_Secure_eBusiness_CA_1 remote code signing and https trust,
       leave email trust
     + Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
       only trust emailProtection
   - Updated to 2.1 (bnc#888534)
   - The following 1024-bit CA certificates were removed
     - Entrust.net Secure Server Certification Authority
     - ValiCert Class 1 Policy Validation Authority
     - ValiCert Class 2 Policy Validation Authority
     - ValiCert Class 3 Policy Validation Authority
     - TDC Internet Root CA
   - The following CA certificates were added:
     - Certification Authority of WoSign
     - CA 沃通根证书
     - DigiCert Assured ID Root G2
     - DigiCert Assured ID Root G3
     - DigiCert Global Root G2
     - DigiCert Global Root G3
     - DigiCert Trusted Root G4
     - QuoVadis Root CA 1 G3
     - QuoVadis Root CA 2 G3
     - QuoVadis Root CA 3 G3
   - The Trust Bits were changed for the following CA certificates
     - Class 3 Public Primary Certification Authority
     - Class 3 Public Primary Certification Authority
     - Class 2 Public Primary Certification Authority - G2
     - VeriSign Class 2 Public Primary Certification Authority - G3
     - AC Raíz Certicámara S.A.
     - NetLock Uzleti (Class B) Tanusitvanykiado
     - NetLock Expressz (Class C) Tanusitvanykiado

   Temporary reenable some root ca trusts, as openssl/gnutls have trouble
   using intermediates as root CA.
     - GTE CyberTrust Global Root
     - Thawte Server CA
     - Thawte Premium Server CA
     - ValiCert Class 1 VA
     - ValiCert Class 2 VA
     - RSA Root Certificate 1
     - Entrust.net Secure Server CA
     - America Online Root Certification Authority 1
     - America Online Root Certification Authority 2


Patch Instructions:

   To install this SUSE Recommended Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-50

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-50

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12 (noarch):

      ca-certificates-mozilla-2.2-7.1

   - SUSE Linux Enterprise Desktop 12 (noarch):

      ca-certificates-mozilla-2.2-7.1


References:

   https://bugzilla.suse.com/show_bug.cgi?id=888534



More information about the sle-updates mailing list