Fedora 21: ca-certificates Security Update

    Date13 Apr 2015
    CategoryFedora
    146
    Posted ByLinuxSecurity Advisories
    This is an update to the set of CA certificates released with NSS version 3.18 However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details. If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by exe [More...]
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2015-4711
    2015-03-26 16:50:15
    --------------------------------------------------------------------------------
    
    Name        : ca-certificates
    Product     : Fedora 21
    Version     : 2015.2.3
    Release     : 1.0.fc21
    URL         : https://fedoraproject.org/wiki/CA-Certificates
    Summary     : The Mozilla CA root certificate bundle
    Description :
    This package contains the set of CA certificates chosen by the
    Mozilla Foundation for use with the Internet PKI.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This is an update to the set of CA certificates released with NSS version 3.18
    
    However, the package modifies the CA list to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details.
    
    If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command.
    
    This update corrects the Fedora legacy classification of four root CA certificates, which had trust added or removed in the upstream 2.1 and 2.2 releases.
    
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue Mar 24 2015 Kai Engert  - 2015.2.3-1.0
    - Update to CKBI 2.3 from NSS 3.18 with legacy modifications
    - Fixed a mistake in the legacy handling of the upstream 2.2 release:
      Removed two AOL certificates from the legacy group, because
      upstream didn't remove them as part of phasing out 1024-bit
      certificates, which means it isn't necessary to keep them.
    - Fixed a mistake in the legacy handling of the upstream 2.1 release:
      Moved two NetLock certificates into the legacy group.
    * Tue Dec 16 2014 Kai Engert  - 2014.2.2-1.0
    - Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications
    - Update project URL
    - Cleanup
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1205305 - Update to version 2.3 as released with NSS 3.18
            https://bugzilla.redhat.com/show_bug.cgi?id=1205305
      [ 2 ] Bug #1205302 - Fix the legacy CA inclusions of upstream 2.1 and 2.2
            https://bugzilla.redhat.com/show_bug.cgi?id=1205302
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use
    su -c 'yum update ca-certificates' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://admin.fedoraproject.org/mailman/listinfo/package-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.