SUSE-SU-2014:0335-1: moderate: Security update for openssl-certs

Thu Mar 6 11:04:34 MST 2014

   SUSE Security Update: Security update for openssl-certs
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0335-1
Rating:             moderate
References:         #854367 #865080 
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that contains security fixes can now be
   installed. It includes one version update.

Description:

   The openssl-certs package was updated to match the
   certificates contained  in the Mozilla NSS 3.15.4 release.

   The following changes were done to the list of root CAs:

   Distrust a sub-ca that issued google.com certificates.
   "Distrusted AC DG  Tresor SSL" (bnc#854367)

   Lots of CA updates from Mozilla:

   Changes done in 1.96:

   * new: ACCVRAIZ1.pem (Spain) (all trusts)
   * new: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email
   signing only)
   * new: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)
   * removed: Wells_Fargo_Root_CA.pem

   Changes done in 1.95:

   * new:
   CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
   server auth, code signing, email signing
   * new:
   CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
   server auth, code signing, email signing
   * new:
   China_Internet_Network_Information_Center_EV_Certificates_Ro
   ot:2.4.72.159.0.1.crt server auth
   * changed:
   Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr
   t removed code signing and server auth abilities
   * changed:
   Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c
   rt removed code signing and server auth abilities
   * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
   server auth
   * new:
   D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server
   auth
   * removed:
   Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.
   crt
   * new:
   Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.
   crt I think the missing flags were adjusted.
   * removed:
   Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
   * new: PSCProcert:2.1.11.crt server auth, code signing,
   email signing
   * new:
   Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124
   .74.30.90.24.103.182.crt server auth, code signing, email
   signing
   * new:
   Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.
   253.16.29.4.31.118.202.88.crt server auth, code signing
   * changed:
   TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51
   .21.2.228.108.244.crt removed all abilities
   * new:
   TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
   server auth, code signing
   * changed: TWCA_Root_Certification_Authority:2.1.1.crt
   added code signing ability
   * new "EE Certification Centre Root CA"
   * new "T-TeleSec GlobalRoot Class 3"
   * revoke mis-issued intermediate CAs from TURKTRUST

Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (noarch) [New Version: 1.96]:

      openssl-certs-1.96-0.6.1

References:

   https://bugzilla.novell.com/854367
   https://bugzilla.novell.com/865080
   http://download.novell.com/patch/finder/?keywords=f0610a9486969ce5d9a86b8f225d4c83