SUSE-SU-2025:20336-1: moderate: Security update for ca-certificates-mozilla

SLE-SECURITY-UPDATES null at suse.de
Thu May 29 16:35:50 UTC 2025 


# Security update for ca-certificates-mozilla

Announcement ID: SUSE-SU-2025:20336-1  
Release Date: May 21, 2025, 3:38 p.m.  
Rating: moderate  
References:

  * bsc#1010996
  * bsc#1199079
  * bsc#1229003
  * bsc#1234798
  * bsc#1240009
  * bsc#1240343
  * bsc#441356

  
Affected Products:

  * SUSE Linux Micro 6.0

  
  
An update that has seven fixes can now be installed.

## Description:

This update for ca-certificates-mozilla fixes the following issues:

  * test for a concretely missing certificate rather than just the directory, as
    the latter is now also provided by openssl-3

  * Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds
    (bsc#1229003)

  * explicit remove distrusted certs, as the distrust does not get exported
    correctly and the SSL certs are still trusted. (bsc#1240343)

  * Entrust.net Premium 2048 Secure Server CA
  * Entrust Root Certification Authority
  * AffirmTrust Commercial
  * AffirmTrust Networking
  * AffirmTrust Premium
  * AffirmTrust Premium ECC
  * Entrust Root Certification Authority - G2
  * Entrust Root Certification Authority - EC1
  * GlobalSign Root E46
  * GLOBALTRUST 2020

  * pass file argument to awk (bsc#1240009)

  * update to 2.74 state of Mozilla SSL root CAs: Removed:

  * SwissSign Silver CA - G2 Added:
  * D-TRUST BR Root CA 2 2023
  * D-TRUST EV Root CA 2 2023

  * remove extensive signature printing in comments of the cert bundle

  * Define two macros to break a build cycle with p11-kit.

  * Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798) Removed:

  * SecureSign RootCA11
  * Security Communication RootCA3 Added:
  * TWCA CYBER Root CA
  * TWCA Global Root CA G2
  * SecureSign Root CA12
  * SecureSign Root CA14
  * SecureSign Root CA15

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.0  
    zypper in -t patch SUSE-SLE-Micro-6.0-331=1

## Package List:

  * SUSE Linux Micro 6.0 (noarch)
    * ca-certificates-mozilla-2.74-1.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1010996
  * https://bugzilla.suse.com/show_bug.cgi?id=1199079
  * https://bugzilla.suse.com/show_bug.cgi?id=1229003
  * https://bugzilla.suse.com/show_bug.cgi?id=1234798
  * https://bugzilla.suse.com/show_bug.cgi?id=1240009
  * https://bugzilla.suse.com/show_bug.cgi?id=1240343
  * https://bugzilla.suse.com/show_bug.cgi?id=441356

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250529/90f1c0a7/attachment.htm>

More information about the sle-security-updates mailing list