Fedora 25 : ca-certificates (2016-d1408c3ba3)

high Nessus Plugin ID 94864

Synopsis

The remote Fedora host is missing a security update.

Description

This is an update to the Mozilla CA certificates list version 2.9, which has been published as part of Mozilla NSS 3.26.

This update reverts the CA list to the unmodified upstream CA list. The legacy CA modifications, which had previously been shipped with Fedora, have been reverted to an empty list. Because the certificate verification libraries shipped in Fedora have already been updated to find alternative chains of trust, trusting the legacy CAs with 1024-bit RSA keys should no longer be necessary.

The ca-legacy tool is kept, and existing configuration on systems will be preserved. However, the ca-legacy system configuration will have no effect after this update as long as the legacy CA list is empty. The tool and the configuration are kept because they might be useful again if other CAs must be treated as legacy CAs in the future.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected ca-certificates package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2016-d1408c3ba3

Plugin Details

Severity: High

ID: 94864

File Name: fedora_2016-d1408c3ba3.nasl

Version: 2.4

Type: local

Agent: unix

Published: 11/15/2016

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:ca-certificates, cpe:/o:fedoraproject:fedora:25

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 9/3/2016

Vulnerability Publication Date: 9/3/2016

Reference Information