| Revision Date: | 2020-11-04 | Version: | 1 |
| Title: | (Important) |
| Description: |
This update for apache-commons-httpclient fixes the following issues:
- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1154328
1178171
945190
CVE-2014-3577
CVE-2015-5262
CVE-2019-3693
openSUSE-SU-2020:0156-1
|
| Platform(s): | Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
| Product(s): | |
| Definition Synopsis |
| SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed AND mailman-2.1.29-bp151.5.3.1 is installed
|
| Definition Synopsis |
| Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM is installed
AND apache-commons-httpclient-3.1-11.3.2 is installed
|