Recommended update for ca-certificates-mozilla

Announcement ID:	SUSE-RU-2022:3253-1
Rating:	moderate
References:	bsc#1181994 bsc#1188006 bsc#1199079 bsc#1202868
Affected Products:	SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 LTSS 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 SUSE Linux Enterprise Server ESPOS 15 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that has four fixes can now be installed.

Description:

This update for ca-certificates-mozilla fixes the following issues:

Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)

• Added:

• Certainly Root E1

• Certainly Root R1
• DigiCert SMIME ECC P384 Root G5
• DigiCert SMIME RSA4096 Root G5
• DigiCert TLS ECC P384 Root G5
• DigiCert TLS RSA4096 Root G5
• E-Tugra Global Root CA ECC v3

• E-Tugra Global Root CA RSA v3

• Removed:

• Hellenic Academic and Research Institutions RootCA 2011

Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)

• Added:

• Autoridad de Certificacion Firmaprofesional CIF A62634068

• D-TRUST BR Root CA 1 2020
• D-TRUST EV Root CA 1 2020
• GlobalSign ECC Root CA R4
• GTS Root R1
• GTS Root R2
• GTS Root R3
• GTS Root R4
• HiPKI Root CA - G1
• ISRG Root X2
• Telia Root CA v2
• vTrus ECC Root CA

• vTrus Root CA

• Removed:

• Cybertrust Global Root

• DST Root CA X3
• DigiNotar PKIoverheid CA Organisatie - G2
• GlobalSign ECC Root CA R4
• GlobalSign Root CA R2
• GTS Root R1
• GTS Root R2
• GTS Root R3
• GTS Root R4

Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)

• Added CAs:

• HARICA Client ECC Root CA 2021

• HARICA Client RSA Root CA 2021
• HARICA TLS ECC Root CA 2021
• HARICA TLS RSA Root CA 2021
• TunTrust Root CA

Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)

• Added new root CAs:

• NAVER Global Root Certification Authority

• Removed old root CAs:

• GeoTrust Global CA

• GeoTrust Primary Certification Authority
• GeoTrust Primary Certification Authority - G3
• GeoTrust Universal CA
• GeoTrust Universal CA 2
• thawte Primary Root CA
• thawte Primary Root CA - G2
• thawte Primary Root CA - G3
• VeriSign Class 3 Public Primary Certification Authority - G4
• VeriSign Class 3 Public Primary Certification Authority - G5

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server ESPOS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3253=1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3253=1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3253=1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3253=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3253=1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3253=1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3253=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3253=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3253=1
• SUSE Enterprise Storage 6
  zypper in -t patch SUSE-Storage-6-2022-3253=1
• SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

• SUSE Linux Enterprise Server ESPOS 15 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE Enterprise Storage 6 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1
• SUSE CaaS Platform 4.0 (noarch)
  • ca-certificates-mozilla-2.56-150000.4.35.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1181994
• https://bugzilla.suse.com/show_bug.cgi?id=1188006
• https://bugzilla.suse.com/show_bug.cgi?id=1199079
• https://bugzilla.suse.com/show_bug.cgi?id=1202868