SUSE Security Update: Security update for openssl-certs ______________________________________________________________________________ Announcement ID: SUSE-SU-2014:0025-1 Rating: important References: #796628 #854367 Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. It includes one version update. Description: openssl-certs was updated with the current certificate data available from mozilla.org. Changes: * Updated certificates to revision 1.95 Distrust a sub-ca that issued google.com certificates. "Distrusted AC DG Tresor SSL" (bnc#854367) Many CA updates from Mozilla: * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt server auth, code signing, email signing * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt server auth, code signing, email signing * new: China_Internet_Network_Information_Center_EV_Certificates_Ro ot:2.4.72.159.0.1.crt server auth * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr t removed code signing and server auth abilities * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c rt removed code signing and server auth abilities * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt server auth * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server auth * removed: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102. crt * new: Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248. crt * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt * new: PSCProcert:2.1.11.crt server auth, code signing, email signing * new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124 .74.30.90.24.103.182.crt server auth, code signing, email signing * new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141. 253.16.29.4.31.118.202.88.crt server auth, code signing * changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51 .21.2.228.108.244.crt removed all abilities * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt server auth, code signing * changed: TWCA_Root_Certification_Authority:2.1.1.crt added code signing ability * new "EE Certification Centre Root CA" * new "T-TeleSec GlobalRoot Class 3" * revoke mis-issued intermediate CAs from TURKTRUST. Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11 SP3 for VMware: zypper in -t patch slessp3-openssl-certs-8682 - SUSE Linux Enterprise Server 11 SP3: zypper in -t patch slessp3-openssl-certs-8682 - SUSE Linux Enterprise Server 11 SP2 for VMware: zypper in -t patch slessp2-openssl-certs-8681 - SUSE Linux Enterprise Server 11 SP2: zypper in -t patch slessp2-openssl-certs-8681 - SUSE Linux Enterprise Desktop 11 SP3: zypper in -t patch sledsp3-openssl-certs-8682 - SUSE Linux Enterprise Desktop 11 SP2: zypper in -t patch sledsp2-openssl-certs-8681 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 1.95]: openssl-certs-1.95-0.4.1 References: https://bugzilla.novell.com/796628 https://bugzilla.novell.com/854367 http://download.novell.com/patch/finder/?keywords=01d9e4cf8922756e2ff6eda21c... http://download.novell.com/patch/finder/?keywords=614f90966ba2255b839d3ad76b... -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org