SUSE-CU-2026:1880-1: Recommended update of suse/manager/4.3/proxy-salt-broker

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Mar 18 16:46:28 UTC 2026 

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:1880-1
Container Tags        : suse/manager/4.3/proxy-salt-broker:4.3.16.2 , suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.28 , suse/manager/4.3/proxy-salt-broker:latest
Container Release     : 9.63.28
Severity              : moderate
Type                  : recommended
References            : 1229003 1258002 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released:    Wed Mar 18 07:19:42 2026
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  1229003,1258002
This update for ca-certificates-mozilla fixes the following issues:

- test for a concretely missing certificate rather than
  just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set
  for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user 
  during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives
  the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
    * Removed:
        + Baltimore CyberTrust Root
        + CommScope Public Trust ECC Root-01
        + CommScope Public Trust ECC Root-02
        + CommScope Public Trust RSA Root-01
        + CommScope Public Trust RSA Root-02
        + DigiNotar Root CA
    * Added: 
        + e-Szigno TLS Root CA 2023
        + OISTE Client Root ECC G1
        + OISTE Client Root RSA G1
        + OISTE Server Root ECC G1
        + OISTE Server Root RSA G1
        + SwissSign RSA SMIME Root CA 2022 - 1
        + SwissSign RSA TLS Root CA 2022 - 1
        + TrustAsia SMIME ECC Root CA
        + TrustAsia SMIME RSA Root CA
        + TrustAsia TLS ECC Root CA
        + TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs
  issued after the distrust date, not for all certs of a CA.
  

The following package changes have been done:

- ca-certificates-mozilla-2.84-150200.44.1 updated
- container:sles15-ltss-image-15.4.0-6.11 updated

More information about the sle-container-updates mailing list