Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] openSUSE-SU-2013:1891-1: important: ca-certificates-mozilla: add, remove or blacklist some certificates

Recommended Posts

openSUSE Security Update: ca-certificates-mozilla: add, remove or blacklist some certificates

______________________________________________________________________________

 

Announcement ID: openSUSE-SU-2013:1891-1

Rating: important

References: #854163 #854367

Affected Products:

openSUSE 13.1

openSUSE 12.3

openSUSE 12.2

______________________________________________________________________________

 

An update that contains security fixes can now be installed.

 

Description:

 

 

The Mozilla CA certificates package was updated to match

the current Mozilla revision 1.95 of certdata.txt.

 

It blacklists some misused certificate authorities, adds

some new and adjusts some others.

 

On openSUSE 13.1 a problem with names was also fixed.

 

* distrust: AC DG Tresor SSL (bnc#854367)

* new:

CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt

server auth, code signing, email signing

* new:

CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt

server auth, code signing, email signing

* new:

China_Internet_Network_Information_Center_EV_Certificates_Ro

ot:2.4.72.159.0.1.crt server auth

* changed:

Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr

t removed code signing and server auth abilities

* changed:

Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c

rt removed code signing and server auth abilities

* new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt

server auth

* new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt

server auth

* removed:

Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt

* new: PSCProcert:2.1.11.crt server auth, code signing,

email signing

* new:

Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124

.74.30.90.24.103.182.crt server auth, code signing, email

signing

* new:

Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.

253.16.29.4.31.118.202.88.crt server auth, code signing

* changed:

TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51

.21.2.228.108.244.crt removed all abilities

* new:

TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt

server auth, code signing

* changed: TWCA_Root_Certification_Authority:2.1.1.crt

added code signing ability

 

 

Patch Instructions:

 

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- openSUSE 13.1:

 

zypper in -t patch openSUSE-2013-983

 

- openSUSE 12.3:

 

zypper in -t patch openSUSE-2013-983

 

- openSUSE 12.2:

 

zypper in -t patch openSUSE-2013-983

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- openSUSE 13.1 (noarch):

 

ca-certificates-mozilla-1.95-3.4.1

 

- openSUSE 12.3 (noarch):

 

ca-certificates-mozilla-1.95-3.4.1

 

- openSUSE 12.2 (noarch):

 

ca-certificates-mozilla-1.95-8.12.1

 

 

References:

 

https://bugzilla.novell.com/854163

https://bugzilla.novell.com/854367

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×