Recommended update for ca-certificates-mozilla
| Announcement ID: | SUSE-RU-2018:0375-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Affected Products: |
|
An update that has three fixes can now be installed.
Description:
This update for ca-certificates-mozilla fixes the following issues:
The system SSL root certificate store was updated to Mozilla certificate version 2.22 from January 2018. (bsc#1071152 bsc#1071390 bsc#1010996)
We removed the old 1024 bit legacy CAs that were temporary left in to allow in-chain root certificates as openssl is now able to handle it.
Further changes coming from Mozilla:
-
New Root CAs added:
-
Amazon Root CA 1: (email protection, server auth)
- Amazon Root CA 2: (email protection, server auth)
- Amazon Root CA 3: (email protection, server auth)
- Amazon Root CA 4: (email protection, server auth)
- Certplus Root CA G1: (email protection, server auth)
- Certplus Root CA G2: (email protection, server auth)
- D-TRUST Root CA 3 2013: (email protection)
- GDCA TrustAUTH R5 ROOT: (server auth)
- Hellenic Academic and Research Institutions ECC RootCA 2015: (email protection, server auth)
- Hellenic Academic and Research Institutions RootCA 2015: (email protection, server auth)
- ISRG Root X1: (server auth)
- LuxTrust Global Root 2: (server auth)
- OpenTrust Root CA G1: (email protection, server auth)
- OpenTrust Root CA G2: (email protection, server auth)
- OpenTrust Root CA G3: (email protection, server auth)
- SSL.com EV Root Certification Authority ECC: (server auth)
- SSL.com EV Root Certification Authority RSA R2: (server auth)
- SSL.com Root Certification Authority ECC: (email protection, server auth)
- SSL.com Root Certification Authority RSA: (email protection, server auth)
- Symantec Class 1 Public Primary Certification Authority - G4: (email protection)
- Symantec Class 1 Public Primary Certification Authority - G6: (email protection)
- Symantec Class 2 Public Primary Certification Authority - G4: (email protection)
- Symantec Class 2 Public Primary Certification Authority - G6: (email protection)
- TrustCor ECA-1: (email protection, server auth)
- TrustCor RootCert CA-1: (email protection, server auth)
- TrustCor RootCert CA-2: (email protection, server auth)
-
TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1: (server auth)
-
Removed root CAs:
-
AddTrust Public Services Root
- AddTrust Public CA Root
- AddTrust Qualified CA Root
- ApplicationCA - Japanese Government
- Buypass Class 2 CA 1
- CA Disig Root R1
- CA WoSign ECC Root
- Certification Authority of WoSign G2
- Certinomis - Autorité Racine
- Certum Root CA
- China Internet Network Information Center EV Certificates Root
- CNNIC ROOT
- Comodo Secure Services root
- Comodo Trusted Services root
- ComSign Secured CA
- EBG Elektronik Sertifika Hizmet Sağlayıcısı
- Equifax Secure CA
- Equifax Secure eBusiness CA 1
- Equifax Secure Global eBusiness CA
- GeoTrust Global CA 2
- IGC/A
- Juur-SK
- Microsec e-Szigno Root CA
- PSCProcert
- Root CA Generalitat Valenciana
- RSA Security 2048 v3
- Security Communication EV RootCA1
- Sonera Class 1 Root CA
- StartCom Certification Authority
- StartCom Certification Authority G2
- S-TRUST Authentication and Encryption Root CA 2005 PN
- Swisscom Root CA 1
- Swisscom Root EV CA 2
- TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
- TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- UTN USERFirst Hardware Root CA
- UTN USERFirst Object Root CA
- VeriSign Class 3 Secure Server CA - G2
- Verisign Class 1 Public Primary Certification Authority
- Verisign Class 2 Public Primary Certification Authority - G2
- Verisign Class 3 Public Primary Certification Authority
- WellsSecure Public Root Certificate Authority
- Certification Authority of WoSign
-
WoSign China
-
Removed Code Signing rights from a lot of CAs (not listed here).
-
Removed Server Auth rights from:
-
AddTrust Low-Value Services Root
- Camerfirma Chambers of Commerce Root
- Camerfirma Global Chambersign Root
- Swisscom Root CA 2
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE OpenStack Cloud 6
zypper in -t patch SUSE-OpenStack-Cloud-6-2018-265=1 -
Magnum Orchestration 7
zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-265=1 -
SUSE Linux Enterprise Desktop 12 SP2
zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2018-265=1 -
SUSE Linux Enterprise Desktop 12 SP3
zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-265=1 -
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
zypper in -t patch SUSE-SLE-RPI-12-SP2-2018-265=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP1
zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-265=1 -
SUSE Linux Enterprise Server 12 LTSS 12
zypper in -t patch SUSE-SLE-SERVER-12-2018-265=1 -
SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-265=1 -
SUSE Linux Enterprise High Performance Computing 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-265=1 -
SUSE Linux Enterprise Server 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-265=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP2
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2018-265=1 -
SUSE Linux Enterprise Server 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-265=1 -
SUSE Linux Enterprise High Performance Computing 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-265=1 -
SUSE Linux Enterprise Server for SAP Applications 12 SP3
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-265=1 -
SUSE Container as a Service Platform 2.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. -
SUSE Container as a Service Platform 1.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:
-
SUSE OpenStack Cloud 6 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
Magnum Orchestration 7 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Desktop 12 SP2 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Desktop 12 SP3 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Server 12 LTSS 12 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise High Performance Computing 12 SP2 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Server 12 SP2 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Server 12 SP3 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise High Performance Computing 12 SP3 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP3 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Container as a Service Platform 2.0 (noarch)
- ca-certificates-mozilla-2.22-12.3.1
-
SUSE Container as a Service Platform 1.0 (noarch)
- ca-certificates-mozilla-2.22-12.3.1