- Issued:
- 2013-11-20
- Updated:
- 2013-11-20
RHEA-2013:1596 - Product Enhancement Advisory
Synopsis
ca-certificates enhancement update
Type/Severity
Product Enhancement Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated ca-certificates packages that add various enhancements are now available
for Red Hat Enterprise Linux 6.
Description
The ca-certificates package contains a set of CA certificates chosen by the
Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI).
The ca-certificates package has been upgraded to upstream version 1.94 as
released with NSS version 3.15, which provides an updated set of recent
Certificate Authorities according to the Mozilla CA Certificate Policy. Also,
the update-ca-trust configuration management tool has been added. (BZ#973727,
BZ#1002646)
This update also adds the following enhancement:
- This update provides Shared System Certificate Authority storage, a
system-wide trust storage for configuration data, required as an input for
certificate trust decisions. This is a functionally compatible replacement for
classic Certificate Authority configuration files and for the libnssckbi NSS
trust module. This feature must be explicitly enabled by an administrator. Refer
to the update-ca-trust man page in the ca-certificates package for a more
detailed description of the feature. (BZ#544376)
Users of ca-certificates are advised to upgrade to these updated packages, which
add these enhancements.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x
Fixes
- BZ - 973727 - Update to newer snapshot of the Mozilla root CA list in the ca-certificate rpm package
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| x86_64 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
| i386 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| x86_64 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
| i386 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| x86_64 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
| i386 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| x86_64 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
| i386 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux for IBM z Systems 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| s390x | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux for Power, big endian 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| ppc64 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| x86_64 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux Server from RHUI 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| x86_64 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
| i386 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| s390x | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| x86_64 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
| i386 | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6
| SRPM | |
|---|---|
| ca-certificates-2013.1.94-65.0.el6.src.rpm | SHA-256: deee7fdfa6e0895fba4f82991dd273dbf3bf0e2ae728ed23a74b4c3a762d3e67 |
| s390x | |
| ca-certificates-2013.1.94-65.0.el6.noarch.rpm | SHA-256: ba6b31ce259e465b2a7ff1c67ce084faedea77ea1eed6aa920d9bae0018f0e50 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
