On Tue, 6 Sep 2011, Pat Riehecky wrote:
> On 09/06/2011 07:19 AM, Frank Lanitz wrote:
>> Am 06.09.2011 06:38, schrieb Franchisseur Robert:
>>> -- Le (On) 2011-09-06 +0200 à (at) 00:53:39 Andreas Petzold écrivit
>>> (wrote): --
>>>
>>>> On Tuesday, September 06, 2011 00:26:22 Valerii D. wrote:
>>>>> <snip>
>>>>>
>>>>> Yes. And the distribution is still the browser 3. 6. 2 without security
>>>>> updates. And with a certificate from DigiNotar.
>>>> TUV released the errata a week ago, so we can expect to see patched rpms
>>>> from
>>>> SL soon. In the meantime you can just delete the Diginotar CA from FF.
>>>>
>>> You can't ! It seems it was deleted but if you re-open :
>>>
>>> Edit --> Preferences --> Advanced --> Encryption --> View
>>> certificats --> Authorities
>>>
>>> it is still there !
>>>
>>>
>> Don't delete them, just mark them as not trustworthy. This will help.
>>
>>
>> Cheers,
>> Frank
>>
>> P.S. Aren't the certifactes distributes within the ca-package which have
>> at least been updated for 6.x?
>
> Hello,
>
> It looks like the errata pushed out on 9/1 and 9/2 should take care of this
> automatically.
>
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&P=337
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&P=1002
RedHat have released firefox-3.6.22 and xulrunner-1.9.2.22
https://rhn.redhat.com/errata/RHSA-2011-1268.html
and thunderbird 1.5.0.12-43-el4 / 2.0.0.24-25.el5 / 3.1.14-1.el6_1
https://rhn.redhat.com/errata/RHSA-2011-1267.html
thus the firefox and thunderbird errata pushed last week are not
considered sufficient by TUV.
--
Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge
[log in to unmask]http://www.dpmms.cam.ac.uk/~werdna