Detections
Analytics

Debian DLA-2593-1 : ca-certificates whitelist Symantec CA

high Nessus Plugin ID 147775

Language:

Synopsis

The remote Debian host is missing a security update.

Description

This update reverts the Symantec CA blacklist (which was originally #911289). The following root certificates were added back (+) :

 + 'GeoTrust Global CA'

 + 'GeoTrust Primary Certification Authority'

 + 'GeoTrust Primary Certification Authority - G2'

 + 'GeoTrust Primary Certification Authority - G3'

 + 'GeoTrust Universal CA'

 + 'thawte Primary Root CA'

 + 'thawte Primary Root CA - G2'

 + 'thawte Primary Root CA - G3'

 + 'VeriSign Class 3 Public Primary Certification Authority
 - G4'

 + 'VeriSign Class 3 Public Primary Certification Authority
 - G5'

 + 'VeriSign Universal Root Certification Authority'

NOTE: due to bug #743339, CA certificates added back in this version won't automatically be trusted again on upgrade. Affected users may need to reconfigure the package to restore the desired state.

For Debian 9 stretch, this problem has been fixed in version 20200601~deb9u2.

We recommend that you upgrade your ca-certificates packages.

For the detailed security status of ca-certificates please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/ca-certificates

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2021/03/msg00016.html

https://packages.debian.org/source/stretch/ca-certificates

http://www.nessus.org/u?c9932d96

Plugin Details

Severity: High

ID: 147775

File Name: debian_DLA-2593.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/15/2021

Updated: 3/15/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:ca-certificates, p-cpe:/a:debian:debian_linux:ca-certificates-udeb, cpe:/o:debian:debian_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 3/13/2021

Vulnerability Publication Date: 3/13/2021