Oval Definition:oval:org.opensuse.security:def:100240
Revision Date:2020-11-04
Version:1
Title: (Important)
Description:

This update for apache-commons-httpclient fixes the following issues:

- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
Family:unix
Class:patch
Status:
Reference(s):1154328
1178171
945190
CVE-2014-3577
CVE-2015-5262
CVE-2019-3693
openSUSE-SU-2020:0156-1
Platform(s):Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND mailman-2.1.29-bp151.5.3.1 is installed
Definition Synopsis
  • Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM is installed
  • AND apache-commons-httpclient-3.1-11.3.2 is installed