openSUSE Security Update: ca-certificates-mozilla: add, remove or blacklist some certificates ______________________________________________________________________________ Announcement ID: openSUSE-SU-2013:1870-1 Rating: important References: #854163 #854367 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. * distrust: AC DG Tresor SSL (bnc#854367) * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt server auth, code signing, email signing * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt server auth, code signing, email signing * new: China_Internet_Network_Information_Center_EV_Certificates_Ro ot:2.4.72.159.0.1.crt server auth * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr t removed code signing and server auth abilities * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c rt removed code signing and server auth abilities * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt server auth * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server auth * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt * new: PSCProcert:2.1.11.crt server auth, code signing, email signing * new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124 .74.30.90.24.103.182.crt server auth, code signing, email signing * new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141. 253.16.29.4.31.118.202.88.crt server auth, code signing * changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51 .21.2.228.108.244.crt removed all abilities * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt server auth, code signing * changed: TWCA_Root_Certification_Authority:2.1.1.crt added code signing ability Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2013-171 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (noarch): ca-certificates-mozilla-1.95-17.1 References: https://bugzilla.novell.com/854163 https://bugzilla.novell.com/854367