PT-2016-7924 · Linux+1 · Ca-Certificates+1
Published: 2016-02-24 · Updated: 2016-02-24
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
ca-certificates (affected versions not specified)
OpenSSL (affected versions not specified)
Description
The ca-certificates package contained outdated CA certificates. This update refreshes the bundled certificates, which includes removing the SPI CA and CA certificates with 1024-bit RSA keys. An accompanying update to the OpenSSL package adds support for alternate certificate chains, so that chains are still handled properly once these certificates are removed.
Recommendations
For ca-certificates, update to a version that includes the refreshed certificates.
For OpenSSL, apply the update that adds support for alternate certificate chains.
As a temporary workaround, consider restricting the use of certificates with 1024-bit RSA keys until the issue is resolved.
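To find which certificates in a trust bundle the 1024-bit restriction would affect, the following added example (not part of the original advisory or of either package) walks each certificate's DER structure and reports RSA keys below a threshold. The 2048-bit floor, the default bundle path and all function names are assumptions of this example.

```python
import base64, re, sys

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
MIN_RSA_BITS = 2048  # assumed policy floor; the advisory itself only names 1024-bit keys
DEFAULT_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"  # assumed Debian-style bundle path

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def children(buf, start, end):
    """List (tag, value_start, value_end) for each element inside [start, end)."""
    out = []
    while start < end:
        tag, s, e = read_tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def rsa_key_bits(der):
    """RSA modulus size in bits of a DER X.509 certificate, or None if not RSA."""
    _, s, e = read_tlv(der, 0)                         # outer Certificate SEQUENCE
    tbs = children(der, *children(der, s, e)[0][1:])   # fields of tbsCertificate
    if tbs[0][0] == 0xA0:                              # optional [0] version (absent in v1)
        tbs = tbs[1:]
    spki = children(der, *tbs[5][1:])                  # after serial, sigalg, issuer, validity, subject
    oid = children(der, *spki[0][1:])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        return None
    _, ks, ke = read_tlv(der, spki[1][1] + 1)          # skip BIT STRING unused-bits octet
    mod = children(der, ks, ke)[0]                     # first INTEGER is the modulus
    return int.from_bytes(der[mod[1]:mod[2]], "big").bit_length()

def weak_certs(pem_bundle, min_bits=MIN_RSA_BITS):
    """Return [(index, bits)] for bundle certificates whose RSA key is below min_bits."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                        pem_bundle, re.S)
    sizes = [(i, rsa_key_bits(base64.b64decode(b))) for i, b in enumerate(blocks)]
    return [(i, bits) for i, bits in sizes if bits is not None and bits < min_bits]

if __name__ == "__main__":
    with open(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_BUNDLE) as f:
        for idx, bits in weak_certs(f.read()):
            print(f"certificate #{idx}: RSA {bits} bits")
```

Run it with a bundle path as the first argument; an empty result means no RSA key in the bundle falls below the threshold.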
Affected Products
Openssl
Ca-Certificates