Revision Date: | 2020-11-04 | Version: | 1 |
Title: | (Important) |
Description: |
This update for apache-commons-httpclient fixes the following issues:
- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1154328 1178171 945190 CVE-2014-3577 CVE-2015-5262 CVE-2019-3693 openSUSE-SU-2020:0156-1
|
Platform(s): |
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
| Product(s): | |
Definition Synopsis |
SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
AND mailman-2.1.29-bp151.5.3.1 is installed
|
Definition Synopsis |
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM is installed
AND apache-commons-httpclient-3.1-11.3.2 is installed
|