[Security] Heads up - mozilla ca certs

Horton fghorton at knology.net
Wed Aug 31 23:57:23 UTC 2011


I just forced a recheck for updates and found this for 64 bit Firefox.

-------------
Changes for the versions:
3.6.20+build1+nobinonly-0ubuntu0.10.04.1
3.6.21+build1+nobinonly-0ubuntu0.10.04.1

Version 3.6.21+build1+nobinonly-0ubuntu0.10.04.1:

   * New upstream release v3.6.21 (FIREFOX_3_6_21_BUILD1)
     - Distrust and disable DigiNotar Root CA due to fraudulent certificate
       issuance (LP: #837557)
-------------



On 08/31/2011 04:52 PM, NoOp wrote:
> On 08/31/2011 02:37 PM, Jordon Bedwell wrote:
>> On 08/31/2011 03:53 PM, Ric Moore wrote:
>>> Thanks for the heads up, I had that one in my certs. I deleted it. I
>>> happened to look at all the rest, The country of Japan?? There's a bunch
>>> that I have no clue where they came from... this is just stuff I just
>>> trusted and I didn't bother to go looking for fraudulent certs. I'm
>>> assuming the upgrade will show up in synaptic. Thanks again, Ric
>> You can also switch to the mozillateam ppa which was updated early this
>> morning before Debian issued it's DSA for iceweasal.  I don't assume it
>> will be very long before Ubuntu gets it out though since it already hit
>> the PPA.
>>
>>
> Mozilla SeaMonkey Linux versions are borked (both 32bit and 64bit). Both
> report 2.3.1. But *worse* is that they reenstate DigiNotar Root CA.
> Tested both ways:
>
> 1. 32bit linux deleted DigiNotar Root CA and then did the update via
> Help|Check for Updates. DigiNotar Root CA is now back.
> Build identifier: Mozilla/5.0 (X11; Linux i686; rv:6.0.1) Gecko/20110830
> Firefox/6.0.1 SeaMonkey/2.3.1
>
> 2. 64bit linux deleted DigiNotar Root CA and then did the update via
> Help|Check for Updates. DigiNotar Root CA is now back. So I downloaded
> the entire bz2, deleted the old, and extracted to a new folder;
> DigiNotar Root CA is now back on that version as well.
> Build identifier: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.1)
> Gecko/20110830 Firefox/6.0.1 SeaMonkey/2.3.1
>
> I've notified the Mozilla devs&  Justin Wood (Callek) who is responsible
> for the builds.
>
>





More information about the ubuntu-users mailing list