Security update for openssl-certs

SUSE Security Update: Security update for openssl-certs
Announcement ID: SUSE-SU-2014:0025-1
Rating: important
References: #796628 #854367
Affected Products:
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP2 for VMware
  • SUSE Linux Enterprise Server 11 SP2
  • SUSE Linux Enterprise Desktop 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP2

  • An update that contains security fixes can now be installed. It includes one version update.

    Description:


    openssl-certs was updated with the current certificate data
    available from mozilla.org.

    Changes:

    *

    Updated certificates to revision 1.95

    Distrust a sub-ca that issued google.com
    certificates. "Distrusted AC DG Tresor SSL" (bnc#854367)

    Many CA updates from Mozilla:

    * new:
    CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
    server auth, code signing, email signing
    * new:
    CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
    server auth, code signing, email signing
    * new:
    China_Internet_Network_Information_Center_EV_Certificates_Ro
    ot:2.4.72.159.0.1.crt server auth
    * changed:
    Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr
    t removed code signing and server auth abilities
    * changed:
    Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c
    rt removed code signing and server auth abilities
    * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
    server auth
    * new:
    D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server
    auth
    * removed:
    Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.
    crt
    * new:
    Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.
    crt
    * removed:
    Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
    * new: PSCProcert:2.1.11.crt server auth, code signing,
    email signing
    * new:
    Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124
    .74.30.90.24.103.182.crt server auth, code signing, email
    signing
    * new:
    Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.
    253.16.29.4.31.118.202.88.crt server auth, code signing
    * changed:
    TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51
    .21.2.228.108.244.crt removed all abilities
    * new:
    TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
    server auth, code signing
    * changed: TWCA_Root_Certification_Authority:2.1.1.crt
    added code signing ability
    * new "EE Certification Centre Root CA"
    * new "T-TeleSec GlobalRoot Class 3"
    * revoke mis-issued intermediate CAs from TURKTRUST.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-openssl-certs-8682
    • SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-openssl-certs-8682
    • SUSE Linux Enterprise Server 11 SP2 for VMware:
      zypper in -t patch slessp2-openssl-certs-8681
    • SUSE Linux Enterprise Server 11 SP2:
      zypper in -t patch slessp2-openssl-certs-8681
    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-openssl-certs-8682
    • SUSE Linux Enterprise Desktop 11 SP2:
      zypper in -t patch sledsp2-openssl-certs-8681

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 1.95]:
    • openssl-certs-1.95-0.4.1
    • SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 1.95]:
    • openssl-certs-1.95-0.4.1
    • SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 1.95]:
    • openssl-certs-1.95-0.4.1
    • SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.95]:
    • openssl-certs-1.95-0.4.1
    • SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 1.95]:
    • openssl-certs-1.95-0.4.1
    • SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 1.95]:
    • openssl-certs-1.95-0.4.1

    References:

    • https://bugzilla.novell.com/796628
    • https://bugzilla.novell.com/854367
    • http://download.suse.com/patch/finder/?keywords=01d9e4cf8922756e2ff6eda21c67ab47
    • http://download.suse.com/patch/finder/?keywords=614f90966ba2255b839d3ad76b087c11