SUSE-SU-2014:0025-1: important: Security update for openssl-certs
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Jan 6 17:04:10 MST 2014
SUSE Security Update: Security update for openssl-certs
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0025-1
Rating: important
References: #796628 #854367
Affected Products:
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that contains security fixes can now be
installed. It includes one version update.
Description:
openssl-certs was updated with the current certificate data
available from mozilla.org.
Changes:
*
Updated certificates to revision 1.95
Distrust a sub-ca that issued google.com
certificates. "Distrusted AC DG Tresor SSL" (bnc#854367)
Many CA updates from Mozilla:
* new:
CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
server auth, code signing, email signing
* new:
CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
server auth, code signing, email signing
* new:
China_Internet_Network_Information_Center_EV_Certificates_Ro
ot:2.4.72.159.0.1.crt server auth
* changed:
Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr
t removed code signing and server auth abilities
* changed:
Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c
rt removed code signing and server auth abilities
* new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
server auth
* new:
D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server
auth
* removed:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.
crt
* new:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.
crt
* removed:
Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
* new: PSCProcert:2.1.11.crt server auth, code signing,
email signing
* new:
Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124
.74.30.90.24.103.182.crt server auth, code signing, email
signing
* new:
Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.
253.16.29.4.31.118.202.88.crt server auth, code signing
* changed:
TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51
.21.2.228.108.244.crt removed all abilities
* new:
TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
server auth, code signing
* changed: TWCA_Root_Certification_Authority:2.1.1.crt
added code signing ability
* new "EE Certification Centre Root CA"
* new "T-TeleSec GlobalRoot Class 3"
* revoke mis-issued intermediate CAs from TURKTRUST.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-openssl-certs-8682
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-openssl-certs-8682
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-openssl-certs-8681
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-openssl-certs-8681
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-openssl-certs-8682
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-openssl-certs-8681
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 1.95]:
openssl-certs-1.95-0.4.1
- SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 1.95]:
openssl-certs-1.95-0.4.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 1.95]:
openssl-certs-1.95-0.4.1
- SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.95]:
openssl-certs-1.95-0.4.1
- SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 1.95]:
openssl-certs-1.95-0.4.1
- SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 1.95]:
openssl-certs-1.95-0.4.1
References:
https://bugzilla.novell.com/796628
https://bugzilla.novell.com/854367
http://download.novell.com/patch/finder/?keywords=01d9e4cf8922756e2ff6eda21c67ab47
http://download.novell.com/patch/finder/?keywords=614f90966ba2255b839d3ad76b087c11
More information about the sle-security-updates
mailing list