Recommended update for ca-certificates-mozilla

Announcement ID:	SUSE-RU-2022:3112-1
Rating:	moderate
References:	bsc#1181994 bsc#1188006 bsc#1199079 bsc#1202868
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9

An update that has four fixes can now be installed.

Description:

This update for ca-certificates-mozilla fixes the following issues:

Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)

• Added:

• Certainly Root E1

• Certainly Root R1
• DigiCert SMIME ECC P384 Root G5
• DigiCert SMIME RSA4096 Root G5
• DigiCert TLS ECC P384 Root G5
• DigiCert TLS RSA4096 Root G5
• E-Tugra Global Root CA ECC v3

• E-Tugra Global Root CA RSA v3

• Removed:

• Hellenic Academic and Research Institutions RootCA 2011

Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)

• Added:

• Autoridad de Certificacion Firmaprofesional CIF A62634068

• D-TRUST BR Root CA 1 2020
• D-TRUST EV Root CA 1 2020
• GlobalSign ECC Root CA R4
• GTS Root R1
• GTS Root R2
• GTS Root R3
• GTS Root R4
• HiPKI Root CA - G1
• ISRG Root X2
• Telia Root CA v2
• vTrus ECC Root CA

• vTrus Root CA

• Removed:

• Cybertrust Global Root

• DST Root CA X3
• DigiNotar PKIoverheid CA Organisatie - G2
• GlobalSign ECC Root CA R4
• GlobalSign Root CA R2
• GTS Root R1
• GTS Root R2
• GTS Root R3
• GTS Root R4

Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)

• Added CAs:

• HARICA Client ECC Root CA 2021

• HARICA Client RSA Root CA 2021
• HARICA TLS ECC Root CA 2021
• HARICA TLS RSA Root CA 2021
• TunTrust Root CA

Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)

• Added new root CAs:

• NAVER Global Root Certification Authority

• Removed old root CAs:

• GeoTrust Global CA

• GeoTrust Primary Certification Authority
• GeoTrust Primary Certification Authority - G3
• GeoTrust Universal CA
• GeoTrust Universal CA 2
• thawte Primary Root CA
• thawte Primary Root CA - G2
• thawte Primary Root CA - G3
• VeriSign Class 3 Public Primary Certification Authority - G4
• VeriSign Class 3 Public Primary Certification Authority - G5

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 9
  zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3112=1
• SUSE OpenStack Cloud Crowbar 9
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3112=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3112=1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3112=1
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3112=1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2022-3112=1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3112=1
• SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3112=1
• SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3112=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3112=1

Package List:

• SUSE OpenStack Cloud 9 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE OpenStack Cloud Crowbar 9 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE Linux Enterprise Server 12 SP3 BCL 12-SP3 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE Linux Enterprise Server 12 SP5 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  • ca-certificates-mozilla-2.56-12.37.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1181994
• https://bugzilla.suse.com/show_bug.cgi?id=1188006
• https://bugzilla.suse.com/show_bug.cgi?id=1199079
• https://bugzilla.suse.com/show_bug.cgi?id=1202868