SUSE Security Update: Security update for openssl-certs
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0025-1
Rating:             important
References:         #796628 #854367 
Affected Products:
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that contains security fixes can now be
   installed. It includes one version update.

Description:


   openssl-certs was updated with the current certificate data
   available from  mozilla.org.

   Changes:

   *

   Updated certificates to revision 1.95

   Distrust a sub-ca that issued google.com
   certificates. "Distrusted AC DG Tresor SSL" (bnc#854367)

   Many CA updates from Mozilla:

   * new:
   CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
   server auth, code signing, email signing
   * new:
   CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt
   server auth, code signing, email signing
   * new:
   China_Internet_Network_Information_Center_EV_Certificates_Ro
   ot:2.4.72.159.0.1.crt server auth
   * changed:
   Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.cr
   t removed code signing and server auth abilities
   * changed:
   Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.c
   rt removed code signing and server auth abilities
   * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
   server auth
   * new:
   D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server
   auth
   * removed:
   Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.102.
   crt
   * new:
   Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.248.
   crt
   * removed:
   Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt
   * new: PSCProcert:2.1.11.crt server auth, code signing,
   email signing
   * new:
   Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124
   .74.30.90.24.103.182.crt server auth, code signing, email
   signing
   * new:
   Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.
   253.16.29.4.31.118.202.88.crt server auth, code signing
   * changed:
   TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51
   .21.2.228.108.244.crt removed all abilities
   * new:
   TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt
   server auth, code signing
   * changed: TWCA_Root_Certification_Authority:2.1.1.crt
   added code signing ability
   * new "EE Certification Centre Root CA"
   * new "T-TeleSec GlobalRoot Class 3"
   * revoke mis-issued intermediate CAs from TURKTRUST.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-openssl-certs-8682

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-openssl-certs-8682

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-openssl-certs-8681

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-openssl-certs-8681

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-openssl-certs-8682

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-openssl-certs-8681

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11 SP3 for VMware (noarch) [New Version: 1.95]:

      openssl-certs-1.95-0.4.1

   - SUSE Linux Enterprise Server 11 SP3 (noarch) [New Version: 1.95]:

      openssl-certs-1.95-0.4.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (noarch) [New Version: 1.95]:

      openssl-certs-1.95-0.4.1

   - SUSE Linux Enterprise Server 11 SP2 (noarch) [New Version: 1.95]:

      openssl-certs-1.95-0.4.1

   - SUSE Linux Enterprise Desktop 11 SP3 (noarch) [New Version: 1.95]:

      openssl-certs-1.95-0.4.1

   - SUSE Linux Enterprise Desktop 11 SP2 (noarch) [New Version: 1.95]:

      openssl-certs-1.95-0.4.1


References:

   https://bugzilla.novell.com/796628
   https://bugzilla.novell.com/854367
   https://login.microfocus.com/nidp/app/login
   https://login.microfocus.com/nidp/app/login