[El-errata] ELBA-2015-0964 Oracle Linux 7 ca-certificates bug fix and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue May 12 13:10:42 PDT 2015

Oracle Linux Bug Fix Advisory ELBA-2015-0964


The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications.

- Update to CKBI 2.3 from NSS 3.18 with legacy modifications.
- Add a patch to the source RPM that documents the changes from the
   upstream version.
- Introduce the ca-legacy utility, a manual page, and the ca-legacy.conf
   configuration file.
- The new scriptlets require the coreutils package.
- Remove the obsolete blacklist.txt file.
- Add an alternative version of the "Thawte Premium Server CA" root,
   which carries a SHA1-RSA signature, to allow OpenJDK to verify applets
   which contain that version of the root certificate.
   This change doesn't add trust for another key, because both versions
   of the certificate use the same public key (rhbz#1170982).

More information about the El-errata mailing list