Security update for ca-certificates-mozilla

Announcement ID: SUSE-SU-2023:0003-1
Rating: important
References:
Affected Products:
  • SUSE CaaS Platform 4.0
  • SUSE Enterprise Storage 6
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server 15 LTSS 15
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  • SUSE Linux Enterprise Server ESPOS 15
  • SUSE Linux Enterprise Server for SAP Applications 15
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that has two security fixes can now be installed.

Description:

This update for ca-certificates-mozilla fixes the following issues:

  • Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs:
  • Global Chambersign Root
  • EC-ACC
  • Network Solutions Certificate Authority
  • Staat der Nederlanden EV Root CA
  • SwissSign Platinum CA - G2 Added CAs:
  • DIGITALSIGN GLOBAL ROOT ECDSA CA
  • DIGITALSIGN GLOBAL ROOT RSA CA
  • Security Communication ECC RootCA1
  • Security Communication RootCA3 Changed trust:

  • TrustCor certificates only trusted up to Nov 30 (bsc#1206212)

  • Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor:

  • TrustCor RootCert CA-1
  • TrustCor RootCert CA-2
  • TrustCor ECA-1

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server ESPOS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2023-3=1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2023-3=1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3=1
  • SUSE Linux Enterprise Server 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-SLES-15-2023-3=1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3=1
  • SUSE Linux Enterprise Server for SAP Applications 15
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2023-3=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3=1
  • SUSE Enterprise Storage 6
    zypper in -t patch SUSE-Storage-6-2023-3=1
  • SUSE CaaS Platform 4.0
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

  • SUSE Linux Enterprise Server ESPOS 15 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1
  • SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1
  • SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1
  • SUSE Enterprise Storage 6 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1
  • SUSE CaaS Platform 4.0 (noarch)
    • ca-certificates-mozilla-2.60-150000.4.38.1

References: