Recommended update for ca-certificates-mozilla

Announcement ID: SUSE-RU-2022:3395-1
Rating: moderate
References:
Affected Products:
  • Basesystem Module 15-SP3
  • Basesystem Module 15-SP4
  • Development Tools Module 15-SP3
  • Development Tools Module 15-SP4
  • openSUSE Leap 15.4
  • SUSE Enterprise Storage 7
  • SUSE Linux Enterprise Desktop 15 SP3
  • SUSE Linux Enterprise Desktop 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro for Rancher 5.2
  • SUSE Linux Enterprise Real Time 15 SP3
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Manager Proxy 4.1
  • SUSE Manager Proxy 4.2
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.1
  • SUSE Manager Server 4.2
  • SUSE Manager Server 4.3

An update that has four fixes can now be installed.

Description:

This update for ca-certificates-mozilla fixes the following issues:

Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)

  • Added:

  • Certainly Root E1

  • Certainly Root R1
  • DigiCert SMIME ECC P384 Root G5
  • DigiCert SMIME RSA4096 Root G5
  • DigiCert TLS ECC P384 Root G5
  • DigiCert TLS RSA4096 Root G5
  • E-Tugra Global Root CA ECC v3

  • E-Tugra Global Root CA RSA v3

  • Removed:

  • Hellenic Academic and Research Institutions RootCA 2011

Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)

  • Added:

  • Autoridad de Certificacion Firmaprofesional CIF A62634068

  • D-TRUST BR Root CA 1 2020
  • D-TRUST EV Root CA 1 2020
  • GlobalSign ECC Root CA R4
  • GTS Root R1
  • GTS Root R2
  • GTS Root R3
  • GTS Root R4
  • HiPKI Root CA - G1
  • ISRG Root X2
  • Telia Root CA v2
  • vTrus ECC Root CA

  • vTrus Root CA

  • Removed:

  • Cybertrust Global Root

  • DST Root CA X3
  • DigiNotar PKIoverheid CA Organisatie - G2
  • GlobalSign ECC Root CA R4
  • GlobalSign Root CA R2
  • GTS Root R1
  • GTS Root R2
  • GTS Root R3
  • GTS Root R4

Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)

  • Added:

  • HARICA Client ECC Root CA 2021

  • HARICA Client RSA Root CA 2021
  • HARICA TLS ECC Root CA 2021
  • HARICA TLS RSA Root CA 2021
  • TunTrust Root CA

Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)

  • Added new root CAs:

  • NAVER Global Root Certification Authority

  • Removed old root CAs:

  • GeoTrust Global CA

  • GeoTrust Primary Certification Authority
  • GeoTrust Primary Certification Authority - G3
  • GeoTrust Universal CA
  • GeoTrust Universal CA 2
  • thawte Primary Root CA
  • thawte Primary Root CA - G2
  • thawte Primary Root CA - G3
  • VeriSign Class 3 Public Primary Certification Authority - G4
  • VeriSign Class 3 Public Primary Certification Authority - G5

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2022-3395=1
  • Basesystem Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3395=1
  • Basesystem Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3395=1
  • Development Tools Module 15-SP3
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3395=1
  • Development Tools Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3395=1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3395=1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3395=1
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3395=1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3395=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3395=1
  • SUSE Manager Proxy 4.1
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3395=1
  • SUSE Manager Retail Branch Server 4.1
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3395=1
  • SUSE Manager Server 4.1
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3395=1
  • SUSE Enterprise Storage 7
    zypper in -t patch SUSE-Storage-7-2022-3395=1
  • SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3395=1
  • SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3395=1
  • SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3395=1

Package List:

  • openSUSE Leap 15.4 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • Basesystem Module 15-SP3 (noarch)
    • ca-certificates-mozilla-2.56-150200.24.1
  • Basesystem Module 15-SP4 (noarch)
    • ca-certificates-mozilla-2.56-150200.24.1
  • Development Tools Module 15-SP3 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
  • Development Tools Module 15-SP4 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 ESPOS 15-SP2 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Manager Proxy 4.1 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Manager Retail Branch Server 4.1 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Manager Server 4.1 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Enterprise Storage 7 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Linux Enterprise Micro 5.1 (noarch)
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Linux Enterprise Micro 5.2 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1
  • SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
    • ca-certificates-mozilla-prebuilt-2.56-150200.24.1
    • ca-certificates-mozilla-2.56-150200.24.1

References: