Security Advisory Moderate: ca-certificates security update

Advisory: RHSA-2013:1866-3
Type: Security Advisory
Severity: Moderate
Issued on: 2013-12-20
Last updated on: 2013-12-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)

Details

An updated ca-certificates package that fixes one security issue is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact.

This package contains the set of CA certificates chosen by the Mozilla
Foundation for use with the Internet Public Key Infrastructure (PKI).

It was found that a subordinate Certificate Authority (CA) mis-issued an
intermediate certificate, which could be used to conduct man-in-the-middle
attacks. This update marks that particular intermediate certificate as
untrusted. (BZ#1038894)

All users should upgrade to this updated package. After installing the
update, all applications using the ca-certificates package must be
restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
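
An added example (not Red Hat's own tooling) for confirming the upgrade across hosts: it compares each host's installed ca-certificates version-release against the fixed build 2013.1.95-65.1.el6_5 named in this advisory, using the segment-by-segment ordering RPM applies to version strings. The host names and inventory values are constructed, and the package is assumed to carry no epoch.

```python
import re

# Fixed build named in this advisory (version-release of ca-certificates).
FIXED = "2013.1.95-65.1.el6_5"

def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1."""
    while True:
        # Separators (anything not alphanumeric) are skipped, not compared.
        a = re.sub(r"^[^0-9A-Za-z]+", "", a)
        b = re.sub(r"^[^0-9A-Za-z]+", "", b)
        if not a or not b:
            break
        numeric = a[0] in "0123456789"
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        sa = re.match(pat, a).group()
        mb = re.match(pat, b)
        if mb is None:
            # Segment types differ: numeric is newer than alphabetic.
            return 1 if numeric else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        ka, kb = (int(sa), int(sb)) if numeric else (sa, sb)
        if ka != kb:
            return 1 if ka > kb else -1
    # Whichever string still has segments left is the newer one.
    return (len(a) > 0) - (len(b) > 0)

def is_patched(installed, fixed=FIXED):
    """True if installed 'version-release' is at or above the fixed build."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def unpatched_hosts(inventory):
    """Return the sorted hosts whose ca-certificates build predates the fix."""
    return sorted(h for h, vr in inventory.items() if not is_patched(vr))

# Constructed inventory: host -> output of
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' ca-certificates
SAMPLE = {
    "web01": "2010.63-3.el6_1.5",     # constructed: older build
    "web02": "2013.1.95-65.1.el6_5",  # the fixed build from this advisory
    "db01": "2013.1.95-65.0.el6_5",   # constructed: same version, lower release
    "db02": "2015.2.4-65.0.1.el6_6",  # constructed: later build
}

if __name__ == "__main__":
    print(unpatched_hosts(SAMPLE))
```

A host reported as patched still needs its long-running applications restarted, as stated under Details, before they stop trusting the intermediate certificate.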

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
ca-certificates-2013.1.95-65.1.el6_5.src.rpm
File outdated by:  RHBA-2015:0948
    MD5: 816a394c4b7f6098ffae2a2b9f2aaba3
SHA-256: 48db83e635858114891a456cdeddb76b89a72651b9f41f07f4cdda6e1a51bbc0
 
IA-32:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
x86_64:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
ca-certificates-2013.1.95-65.1.el6_5.src.rpm
File outdated by:  RHBA-2015:0948
    MD5: 816a394c4b7f6098ffae2a2b9f2aaba3
SHA-256: 48db83e635858114891a456cdeddb76b89a72651b9f41f07f4cdda6e1a51bbc0
 
x86_64:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
ca-certificates-2013.1.95-65.1.el6_5.src.rpm
File outdated by:  RHBA-2015:0948
    MD5: 816a394c4b7f6098ffae2a2b9f2aaba3
SHA-256: 48db83e635858114891a456cdeddb76b89a72651b9f41f07f4cdda6e1a51bbc0
 
IA-32:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
PPC:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
s390x:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
x86_64:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
ca-certificates-2013.1.95-65.1.el6_5.src.rpm
File outdated by:  RHBA-2015:0948
    MD5: 816a394c4b7f6098ffae2a2b9f2aaba3
SHA-256: 48db83e635858114891a456cdeddb76b89a72651b9f41f07f4cdda6e1a51bbc0
 
x86_64:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHEA-2014:0993
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
ca-certificates-2013.1.95-65.1.el6_5.src.rpm
File outdated by:  RHBA-2015:0948
    MD5: 816a394c4b7f6098ffae2a2b9f2aaba3
SHA-256: 48db83e635858114891a456cdeddb76b89a72651b9f41f07f4cdda6e1a51bbc0
 
IA-32:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHEA-2014:0993
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
PPC:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHEA-2014:0993
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
s390x:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHEA-2014:0993
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
x86_64:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHEA-2014:0993
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
ca-certificates-2013.1.95-65.1.el6_5.src.rpm
File outdated by:  RHBA-2015:0948
    MD5: 816a394c4b7f6098ffae2a2b9f2aaba3
SHA-256: 48db83e635858114891a456cdeddb76b89a72651b9f41f07f4cdda6e1a51bbc0
 
IA-32:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
x86_64:
ca-certificates-2013.1.95-65.1.el6_5.noarch.rpm
File outdated by:  RHBA-2015:0948
    MD5: d9aafc14403e451041a6abee1c4c5c10
SHA-256: b5e6490a1cf132bc9730a1afbfd96c2d74f00345c7258f79acbe47b8813d70f2
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1038894 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/