SuSE 11.2 / 11.3 Security Update : openssl-certs (SAT Patch Numbers 8681 / 8682)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing a security update.

Description :

openssl-certs was updated with the current certificate data available
from mozilla.org.

Changes :

- Updated certificates to revision 1.95 Distrust a sub-ca
that issued google.com certificates. 'Distrusted AC DG
Tresor SSL'. (bnc#854367)

Many CA updates from Mozilla :

- new:
CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt
server auth, code signing, email signing

- new:
CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.cr
t server auth, code signing, email signing

- new:
China_Internet_Network_Information_Center_EV_Certificate
s_Root:2.4.72.159.0.1.crt server auth

- changed:
Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.15
0.crt removed code signing and server auth abilities

- changed:
Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.2
06.crt removed code signing and server auth abilities

- new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt
server auth

- new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt
server auth

- removed:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.185.
102.crt

- new:
Entrust.net_Premium_2048_Secure_Server_CA:2.4.56.99.222.
248.crt

- removed:
Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt

- new: PSCProcert:2.1.11.crt server auth, code signing,
email signing

- new:
Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195
.124.74.30.90.24.103.182.crt server auth, code signing,
email signing

- new:
Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.
141.253.16.29.4.31.118.202.88.crt server auth, code
signing

- changed:
TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.14
1.51.21.2.228.108.244.crt removed all abilities

- new:
TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.
crt server auth, code signing

- changed: TWCA_Root_Certification_Authority:2.1.1.crt
added code signing ability

- new 'EE Certification Centre Root CA'

- new 'T-TeleSec GlobalRoot Class 3'

- revoke mis-issued intermediate CAs from TURKTRUST.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=796628
https://bugzilla.novell.com/show_bug.cgi?id=854367

Solution :

Apply SAT patch number 8681 / 8682 as appropriate.

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 71836 ()

Bugtraq ID:

CVE ID: