Debian Security Advisory
DSA-2299-1 ca-certificates -- compromised certificate authority
- Date Reported:
- 31 Aug 2011
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 639744.
- More information:
An unauthorized SSL certificate has been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in its ca-certificates bundle.
For other software in Debian that ships a CA bundle, like the Mozilla suite, updates are forthcoming.
For the oldstable distribution (lenny), the ca-certificates package does not contain this root CA.
For the stable distribution (squeeze), the root CA has been disabled starting ca-certificates version 20090814+nmu3.
For the testing distribution (wheezy) and unstable distribution (sid), the root CA has been disabled starting ca-certificates version 20110502+nmu1.
We recommend that you upgrade your ca-certificates packages.