The openssl-certs package was updated to match the certificates contained in the Mozilla NSS 3.15.4 release.
Following changes were done to the list of root CAs :
- Added: ACCVRAIZ1.pem (Spain) (all trusts)
- Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email signing only)
- Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)
- Removed: Wells_Fargo_Root_CA.pem If openssl1 is available as a command line tool, also certificate hashes for openssl1 are created. (bnc#860581)
{"id": "SUSE_11_OPENSSL-CERTS-140224.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 8924)", "description": "The openssl-certs package was updated to match the certificates contained in the Mozilla NSS 3.15.4 release.\n\nFollowing changes were done to the list of root CAs :\n\n - Added: ACCVRAIZ1.pem (Spain) (all trusts)\n\n - Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email signing only)\n\n - Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)\n\n - Removed: Wells_Fargo_Root_CA.pem If openssl1 is available as a command line tool, also certificate hashes for openssl1 are created. (bnc#860581)", "published": "2014-03-06T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/72856", "reporter": "This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=865080", "https://bugzilla.novell.com/show_bug.cgi?id=860581"], "cvelist": [], "immutableFields": [], "lastseen": "2021-08-19T12:50:50", "viewCount": 10, "enchantments": {"dependencies": {}, "score": {"value": -0.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "canvas", "idList": ["NSS"]}]}, "exploitation": null, "vulnersScore": -0.4}, "pluginID": "72856", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72856);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_name(english:\"SuSE 11.3 Security Update : openssl-certs (SAT Patch Number 8924)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openssl-certs package was updated to match the certificates\ncontained in the Mozilla NSS 3.15.4 release.\n\nFollowing changes were done to the list of root CAs :\n\n - Added: ACCVRAIZ1.pem (Spain) (all trusts)\n\n - Added: SG_TRUST_SERVICES_RACINE.pem (Singapore) (email\n signing only)\n\n - Added: TWCA_Global_Root_CA.pem (Taiwanese) (all trusts)\n\n - Removed: Wells_Fargo_Root_CA.pem If openssl1 is\n available as a command line tool, also certificate\n hashes for openssl1 are created. (bnc#860581)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=860581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865080\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 8924.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:openssl-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"openssl-certs-1.96-0.4.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"openssl-certs-1.96-0.4.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"openssl-certs-1.96-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:11:openssl-certs", "cpe:/o:novell:suse_linux:11"], "solution": "Apply SAT patch number 8924.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2014-02-24T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}