Security update for openssl-certs
SUSE Security Update: Security update for openssl-certs
The openssl-certs package was updated to match the
certificates contained in the Mozilla NSS 3.15.4 release.
Following changes were done to the list of root CAs:
* Distrust a sub-ca ("AC DG Tresor SSL") that issued
google.com certificates. (bnc#854367)
Many CA updates from Mozilla:
Changes from upstream version 1.96:
* Added: ACCVRAIZ1.pem (Spain) (all trusts)
* Added: SG_TRUST_SERVICES_RACINE.pem (Singapore)
(email signing only)
* Added: TWCA_Global_Root_CA.pem (Taiwanese) (all
trusts)
* Removed: Wells_Fargo_Root_CA.pem.
Changes from upstream version 1.95:
* Added:
CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
(server auth, code signing, email signing)
* Added:
CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
(server auth, code signing, email signing)
* Added:
China_Internet_Network_Information_Center_EV_Certificates_Ro
ot:2.4.72.159.0.1.crt (server auth)
* Changed:
Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr
t (removed code signing and server auth abilities)
* Changed:
Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c
rt (removed code signing and server auth abilities)
* Added:
D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt (server
auth)
* Added:
D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt (server
auth)
* Removed:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.
crt
* Added:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.
crt
* Removed:
Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
* Added: PSCProcert:2.1.11.crt (server auth, code
signing, email signing)
* Added:
Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124
.74.30.90.24.103.182.crt (server auth, code signing, email
signing)
* Added:
Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.
253.16.29.4.31.118.202.88.crt (server auth, code signing)
* Changed:
TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51
.21.2.228.108.244.crt (removed all abilities)
* Added:
TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
(server auth, code signing)
* Changed: TWCA_Root_Certification_Authority:2.1.1.crt
(added code signing ability)
* Added: "EE Certification Centre Root CA"
* Added: "T-TeleSec GlobalRoot Class 3"
* Revoked mis-issued intermediate CAs from TURKTRUST.
| Announcement ID: | SUSE-SU-2014:0342-1 |
| Rating: | moderate |
| References: | #796628 #854367 #865080 |
| Affected Products: |
An update that contains security fixes can now be installed. It includes one version update.
Description:
The openssl-certs package was updated to match the
certificates contained in the Mozilla NSS 3.15.4 release.
Following changes were done to the list of root CAs:
* Distrust a sub-ca ("AC DG Tresor SSL") that issued
google.com certificates. (bnc#854367)
Many CA updates from Mozilla:
Changes from upstream version 1.96:
* Added: ACCVRAIZ1.pem (Spain) (all trusts)
* Added: SG_TRUST_SERVICES_RACINE.pem (Singapore)
(email signing only)
* Added: TWCA_Global_Root_CA.pem (Taiwanese) (all
trusts)
* Removed: Wells_Fargo_Root_CA.pem.
Changes from upstream version 1.95:
* Added:
CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
(server auth, code signing, email signing)
* Added:
CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
(server auth, code signing, email signing)
* Added:
China_Internet_Network_Information_Center_EV_Certificates_Ro
ot:2.4.72.159.0.1.crt (server auth)
* Changed:
Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr
t (removed code signing and server auth abilities)
* Changed:
Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c
rt (removed code signing and server auth abilities)
* Added:
D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt (server
auth)
* Added:
D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt (server
auth)
* Removed:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.
crt
* Added:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.
crt
* Removed:
Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
* Added: PSCProcert:2.1.11.crt (server auth, code
signing, email signing)
* Added:
Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124
.74.30.90.24.103.182.crt (server auth, code signing, email
signing)
* Added:
Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.
253.16.29.4.31.118.202.88.crt (server auth, code signing)
* Changed:
TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51
.21.2.228.108.244.crt (removed all abilities)
* Added:
TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
(server auth, code signing)
* Changed: TWCA_Root_Certification_Authority:2.1.1.crt
(added code signing ability)
* Added: "EE Certification Centre Root CA"
* Added: "T-TeleSec GlobalRoot Class 3"
* Revoked mis-issued intermediate CAs from TURKTRUST.
Package List:
- SUSE Linux Enterprise Server 10 SP4 LTSS (noarch) [New Version: 1.96]:
- openssl-certs-1.96-0.18.1
References:
- https://bugzilla.novell.com/796628
- https://bugzilla.novell.com/854367
- https://bugzilla.novell.com/865080
- http://download.suse.com/patch/finder/?keywords=f7c987a3f49ff0257e2766cd50e3a0ca