Security update for ca-certificates-mozilla

Announcement ID: SUSE-SU-2025:20336-1
Release Date: May 21, 2025, 3:38 p.m.
Rating: moderate
References:
Affected Products:
  • SUSE Linux Micro 6.0

An update that has seven fixes can now be installed.

Description:

This update for ca-certificates-mozilla fixes the following issues:

  • test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3

  • Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003)

  • explicitly remove distrusted certs, as the distrust does not get exported correctly and the SSL certs are still trusted (bsc#1240343):
    • Entrust.net Premium 2048 Secure Server CA
    • Entrust Root Certification Authority
    • AffirmTrust Commercial
    • AffirmTrust Networking
    • AffirmTrust Premium
    • AffirmTrust Premium ECC
    • Entrust Root Certification Authority - G2
    • Entrust Root Certification Authority - EC1
    • GlobalSign Root E46
    • GLOBALTRUST 2020

  • pass file argument to awk (bsc#1240009)

  • update to 2.74 state of Mozilla SSL root CAs:
    Removed:
    • SwissSign Silver CA - G2
    Added:
    • D-TRUST BR Root CA 2 2023
    • D-TRUST EV Root CA 2 2023

  • remove extensive signature printing in comments of the cert bundle

  • Define two macros to break a build cycle with p11-kit.

  • Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):
    Removed:
    • SecureSign RootCA11
    • Security Communication RootCA3
    Added:
    • TWCA CYBER Root CA
    • TWCA Global Root CA G2
    • SecureSign Root CA12
    • SecureSign Root CA14
    • SecureSign Root CA15

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Micro 6.0
    zypper in -t patch SUSE-SLE-Micro-6.0-331=1
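
A post-install check for the bsc#1240343 item above, as an added example that is not part of the SUSE advisory: it reads p11-kit `trust list` output and reports any of the listed CAs that is still marked as a trust anchor. It assumes the p11-kit `trust` tool is installed and that its labels match the names in the advisory; the sample input and its pkcs11 URIs are constructed.

```shell
#!/bin/sh
# Added example. Labels copied from the advisory's bsc#1240343 list, ','-separated for awk.
DISTRUSTED="Entrust.net Premium 2048 Secure Server CA,\
Entrust Root Certification Authority,\
AffirmTrust Commercial,\
AffirmTrust Networking,\
AffirmTrust Premium,\
AffirmTrust Premium ECC,\
Entrust Root Certification Authority - G2,\
Entrust Root Certification Authority - EC1,\
GlobalSign Root E46,\
GLOBALTRUST 2020"

# Reads `trust list` output on stdin; prints each listed label still marked "trust: anchor".
still_anchored() {
    awk -v names="$DISTRUSTED" '
        BEGIN { n = split(names, a, ","); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^pkcs11:/      { label = "" }   # new entry: forget the previous label
        /^[ \t]*label:/ { sub(/^[ \t]*label:[ \t]*/, ""); label = $0 }
        /^[ \t]*trust:/ { sub(/^[ \t]*trust:[ \t]*/, "")
                          if ($0 == "anchor" && (label in want)) print label }
    '
}
# Constructed sample in the shape `trust list` prints (URIs are made up).
sample_trust_list() {
    cat <<'EOF'
pkcs11:id=%00;type=cert
    type: certificate
    label: AffirmTrust Commercial
    trust: anchor
    category: authority

pkcs11:id=%01;type=cert
    type: certificate
    label: GLOBALTRUST 2020
    trust: distrusted
    category: authority

pkcs11:id=%02;type=cert
    type: certificate
    label: D-TRUST BR Root CA 2 2023
    trust: anchor
    category: authority
EOF
}
# On a real host, replace the sample with:  trust list | still_anchored
left=$(sample_trust_list | still_anchored)
[ -z "$left" ] && echo "OK: no listed CA is an anchor" || echo "STILL TRUSTED: $left"
```

Any label printed after the patch is applied means that root is still accepted as an anchor on the host and the trust store should be re-examined.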

Package List:

  • SUSE Linux Micro 6.0 (noarch)
    • ca-certificates-mozilla-2.74-1.1
