Mailinglist Archive: opensuse-updates (89 mails)

< Previous Next >
openSUSE-RU-2015:0119-1: moderate: Recommended update for ca-certificates-mozilla
openSUSE Recommended Update: Recommended update for ca-certificates-mozilla
______________________________________________________________________________

Announcement ID: openSUSE-RU-2015:0119-1
Rating: moderate
References: #888534
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:


The system root SSL certificates were updated to match Mozilla NSS 2.2.

Some removed/disabled 1024 bit certificates were temporarily
reenabled/readded, as openssl and gnutls have a different handling of
intermediates than mozilla nss and would otherwise not recognize SSL
certificates from sites like Amazon.

Updated to 2.2 (bnc#888534)
- The following CAs were added:
+ COMODO_RSA_Certification_Authority codeSigning emailProtection
serverAuth
+ GlobalSign_ECC_Root_CA_-_R4 codeSigning emailProtection serverAuth
+ GlobalSign_ECC_Root_CA_-_R5 codeSigning emailProtection serverAuth
+ USERTrust_ECC_Certification_Authority codeSigning emailProtection
serverAuth
+ USERTrust_RSA_Certification_Authority codeSigning emailProtection
serverAuth
+ VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
- The following CAs were changed:
+ Equifax_Secure_eBusiness_CA_1 remote code signing and https trust,
leave email trust
+ Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
only trust emailProtection
- Updated to 2.1 (bnc#888534)
- The following 1024-bit CA certificates were removed
- Entrust.net Secure Server Certification Authority
- ValiCert Class 1 Policy Validation Authority
- ValiCert Class 2 Policy Validation Authority
- ValiCert Class 3 Policy Validation Authority
- TDC Internet Root CA
- The following CA certificates were added:
- Certification Authority of WoSign
- CA 沃通根证书
- DigiCert Assured ID Root G2
- DigiCert Assured ID Root G3
- DigiCert Global Root G2
- DigiCert Global Root G3
- DigiCert Trusted Root G4
- QuoVadis Root CA 1 G3
- QuoVadis Root CA 2 G3
- QuoVadis Root CA 3 G3
- The Trust Bits were changed for the following CA certificates
- Class 3 Public Primary Certification Authority
- Class 3 Public Primary Certification Authority
- Class 2 Public Primary Certification Authority - G2
- VeriSign Class 2 Public Primary Certification Authority - G3
- AC Raíz Certicámara S.A.
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado

Temporary reenable some root ca trusts, as openssl/gnutls have trouble
using intermediates as root CA.
- GTE CyberTrust Global Root
- Thawte Server CA
- Thawte Premium Server CA
- ValiCert Class 1 VA
- ValiCert Class 2 VA
- RSA Root Certificate 1
- Entrust.net Secure Server CA
- America Online Root Certification Authority 1
- America Online Root Certification Authority 2


Patch Instructions:

To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-56

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-56

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (noarch):

ca-certificates-mozilla-2.2-3.4.1

- openSUSE 13.1 (noarch):

ca-certificates-mozilla-2.2-3.17.1


References:

https://bugzilla.suse.com/show_bug.cgi?id=888534


< Previous Next >
This Thread
  • No further messages