Enhancement Advisory ca-certificates enhancement update

Advisory: RHEA-2013:1596-1
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2013-11-20
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated ca-certificates packages that add various enhancements are now available
for Red Hat Enterprise Linux 6.

The ca-certificates package contains a set of CA certificates chosen by the
Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI).

The ca-certificates package has been upgraded to upstream version 1.94 as
released with NSS version 3.15, which provides an updated set of recent
Certificate Authorities according to the Mozilla CA Certificate Policy. Also,
the update-ca-trust configuration management tool has been added. (BZ#973727,
BZ#1002646)

This update also adds the following enhancement:

* This update provides Shared System Certificate Authority storage, a
system-wide trust storage for configuration data, required as an input for
certificate trust decisions. This is a functionally compatible replacement for
classic Certificate Authority configuration files and for the libnssckbi NSS
trust module. This feature must be explicitly enabled by an administrator. Refer
to the update-ca-trust man page in the ca-certificates package for a more
detailed description of the feature. (BZ#544376)

Users of ca-certificates are advised to upgrade to these updated packages, which
add these enhancements.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
ca-certificates-2013.1.94-65.0.el6.src.rpm
File outdated by:  RHEA-2017:1432
    MD5: 7ac84a0904f1bb7cebae49af2b6231fa
SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67
 
IA-32:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
x86_64:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
ca-certificates-2013.1.94-65.0.el6.src.rpm
File outdated by:  RHEA-2017:1432
    MD5: 7ac84a0904f1bb7cebae49af2b6231fa
SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67
 
x86_64:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
ca-certificates-2013.1.94-65.0.el6.src.rpm
File outdated by:  RHEA-2017:1432
    MD5: 7ac84a0904f1bb7cebae49af2b6231fa
SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67
 
IA-32:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
PPC:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
s390x:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
x86_64:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
ca-certificates-2013.1.94-65.0.el6.src.rpm
File outdated by:  RHEA-2017:1432
    MD5: 7ac84a0904f1bb7cebae49af2b6231fa
SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67
 
IA-32:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
x86_64:
ca-certificates-2013.1.94-65.0.el6.noarch.rpm
File outdated by:  RHEA-2017:1432
    MD5: 58a98286b33ca8c7447276d4142d7ae3
SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

973727 - Update to newer snapshot of the Mozilla root CA list in the ca-certificate rpm package


Keywords

CA, Certificates


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/