Security Information / 2011 / Security Information -- DSA-2299-1 ca-certificates

Debian Security Advisory

DSA-2299-1 ca-certificates -- compromised certificate authority

Date Reported:

31 Aug 2011

Affected Packages:

ca-certificates

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 639744.

More information:

An unauthorized SSL certificate has been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in its ca-certificates bundle.

For other software in Debian that ships a CA bundle, like the Mozilla suite, updates are forthcoming.

For the oldstable distribution (lenny), the ca-certificates package does not contain this root CA.

For the stable distribution (squeeze), the root CA has been disabled starting ca-certificates version 20090814+nmu3.

For the testing distribution (wheezy) and unstable distribution (sid), the root CA has been disabled starting ca-certificates version 20110502+nmu1.

We recommend that you upgrade your ca-certificates packages.