[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SUA 182-1] Updated ca-certificates package

Debian Stable Updates Announcement SUA 182-1     https://www.debian.org
debian-release@lists.debian.org                          Michael Shuler
June 7th, 2020

Package              : ca-certificates
Version              : 20200601~deb10u1 [buster]
                       20200601~deb9u1  [stretch]
Importance           : medium

The ca-certificates package includes copies of the root and intermediate
SSL certificates used by various Certificate Authorities to sign SSL
certificates they issue. This allows applications to confirm the
authenticity of certificates being used by servers that they connect

Recently, one of the included certificates - the "AddTrust External
Root" certificate - expired, causing problems for some applications
attempting to verify connections to servers using that certificate.

It should be possible to verify affected connections using other
"chains" of intermediate and root certificates. However, the inclusion
of the expired certificate can lead to some libraries and applications
using it in preference, resulting in verification failures. This update
disables the use of that certificate for connections, allowing them to
be verified successfully.

The included Mozilla certificate bundle is updated to version
2.40, thus also disabling a number of root certificates belonging to

If you use ca-certificates, we recommend that you install this update.

Upgrade Instructions

You can get the updated packages by adding the stable-updates archive
for your distribution to your /etc/apt/sources.list:

 deb http://ftp.debian.org/debian buster-updates main
 deb-src http://ftp.debian.org/debian buster-updates main


 deb http://ftp.debian.org/debian stretch-updates main
 deb-src http://ftp.debian.org/debian stretch-updates main

You can also use any of the Debian archive mirrors.  See
https://www.debian.org/mirrors/list for the full list of mirrors.

For further information about stable-updates, please refer to

If you encounter any issues, please don't hesitate to get in touch with
the Debian Release Team at debian-release@lists.debian.org

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: