Skip to navigation

Security Advisory Important: ca-certificates security update

Advisory: RHSA-2011:1248-1
Type: Security Advisory
Severity: Important
Issued on: 2011-09-02
Last updated on: 2011-09-02
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)

Details

An updated ca-certificates package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact.

This package contains the set of CA certificates chosen by the Mozilla
Foundation for use with the Internet Public Key Infrastructure (PKI).

It was found that a Certificate Authority (CA) issued fraudulent HTTPS
certificates. This update removes that CA's root certificate from the
ca-certificates package, rendering any HTTPS certificates signed by that CA
as untrusted. (BZ#734381)

All users should upgrade to this updated package. After installing the
update, all applications using the ca-certificates package must be
restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
ca-certificates-2010.63-3.el6_1.5.src.rpm
File outdated by:  RHSA-2013:1866
    MD5: b807d8c3737c3e7dcbc17a5f15d2880c
SHA-256: c11cfe9b609f65b022747386b9176eb0aef39dbe3ad5939bdd922bc9f8cb6376
 
IA-32:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
x86_64:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
ca-certificates-2010.63-3.el6_1.5.src.rpm
File outdated by:  RHSA-2013:1866
    MD5: b807d8c3737c3e7dcbc17a5f15d2880c
SHA-256: c11cfe9b609f65b022747386b9176eb0aef39dbe3ad5939bdd922bc9f8cb6376
 
x86_64:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
ca-certificates-2010.63-3.el6_1.5.src.rpm
File outdated by:  RHSA-2013:1866
    MD5: b807d8c3737c3e7dcbc17a5f15d2880c
SHA-256: c11cfe9b609f65b022747386b9176eb0aef39dbe3ad5939bdd922bc9f8cb6376
 
IA-32:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
PPC:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
s390x:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
x86_64:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
ca-certificates-2010.63-3.el6_1.5.src.rpm
File outdated by:  RHSA-2013:1866
    MD5: b807d8c3737c3e7dcbc17a5f15d2880c
SHA-256: c11cfe9b609f65b022747386b9176eb0aef39dbe3ad5939bdd922bc9f8cb6376
 
IA-32:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm     MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
PPC:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm     MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
s390x:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm     MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
x86_64:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm     MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
ca-certificates-2010.63-3.el6_1.5.src.rpm
File outdated by:  RHSA-2013:1866
    MD5: b807d8c3737c3e7dcbc17a5f15d2880c
SHA-256: c11cfe9b609f65b022747386b9176eb0aef39dbe3ad5939bdd922bc9f8cb6376
 
IA-32:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
x86_64:
ca-certificates-2010.63-3.el6_1.5.noarch.rpm
File outdated by:  RHSA-2013:1866
    MD5: be7ba9fcc4a80ec8efcba2ad2fc20c98
SHA-256: f4acf2af437a7100a9d570ad87fe74975fe0bcef131d059b5c1e805021d93d48
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

734381 - Remove DigiNotar CA cert from RHEL packages


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/