Oval Definition:oval:org.opensuse.security:def:50847
Revision Date:2020-12-01Version:1
Title:Security update for apache-commons-httpclient (Important)
Description:

This update for apache-commons-httpclient fixes the following issues:

- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
Family:unixClass:patch
Status:Reference(s):1027282
1041090
1042670
1044231
1051510
1051858
1056686
1060463
1065729
1068664
1073269
1073748
1078326
1078485
1079300
1081750
1082023
1083507
1084650
1084671
1086001
1088004
1088009
1092920
1103990
1103992
1104353
1104745
1106383
1109837
1109847
1111666
1111793
1111974
1112178
1112374
1113755
1113956
1114279
1114685
1119680
1122191
1127611
1129346
1130840
1130847
1133021
1133495
1134090
1136157
1138459
1141853
1141895
1144333
1144348
1144352
1146539
1149742
1149792
1149955
1151377
1153238
1153830
1154091
1154256
1155207
1155574
1156213
1156482
1156510
1157424
1158187
1158485
1158785
1158787
1158788
1158789
1158790
1158791
1158792
1158793
1158795
1159035
1159285
1159814
1159913
1160659
1161436
1161561
1161951
1162108
1162928
1162929
1162931
1163985
1164078
1164507
1165111
1165404
1165488
1165527
1165631
1165741
1165813
1165873
1165929
1165950
1165980
1165984
1165985
1166003
1166101
1166102
1166103
1166104
1166632
1166658
1166730
1166731
1166732
1166733
1166734
1166735
1172004
1172410
1172810
1173026
1173027
1173376
1173377
1173378
1173380
1173991
1174157
1174284
1175476
1175674
1175686
1176579
1178171
214983
298378
346490
367853
379534
380942
399190
406051
425138
426563
430761
432677
436966
437293
441088
462375
525295
534721
551715
572673
577032
581765
603255
617751
637176
638233
658604
673071
682554
697251
707667
718009
747125
747794
751718
754447
766778
794139
804978
827982
831442
834601
836739
856835
856836
857470
863741
885882
898572
901715
935856
945190
945401
964182
984751
985177
985348
989523
997436
CVE-2007-2052
CVE-2008-1721
CVE-2008-2315
CVE-2008-2316
CVE-2008-3142
CVE-2008-3143
CVE-2008-3144
CVE-2011-1521
CVE-2011-3389
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
CVE-2013-1752
CVE-2013-1753
CVE-2013-4238
CVE-2014-1912
CVE-2014-3577
CVE-2014-4650
CVE-2014-7185
CVE-2015-5262
CVE-2016-0772
CVE-2016-1000110
CVE-2016-5636
CVE-2016-5699
CVE-2017-1000158
CVE-2017-18207
CVE-2018-1000030
CVE-2018-1000802
CVE-2018-1060
CVE-2018-1061
CVE-2018-14647
CVE-2018-20852
CVE-2019-10160
CVE-2019-1348
CVE-2019-1349
CVE-2019-1350
CVE-2019-1351
CVE-2019-1352
CVE-2019-1353
CVE-2019-1354
CVE-2019-1387
CVE-2019-14491
CVE-2019-14492
CVE-2019-14562
CVE-2019-15939
CVE-2019-16056
CVE-2019-16935
CVE-2019-19604
CVE-2019-19768
CVE-2019-20386
CVE-2019-5010
CVE-2019-5108
CVE-2019-9636
CVE-2019-9947
CVE-2019-9948
CVE-2020-10749
CVE-2020-12693
CVE-2020-14556
CVE-2020-14562
CVE-2020-14573
CVE-2020-14577
CVE-2020-14581
CVE-2020-14583
CVE-2020-14593
CVE-2020-14621
CVE-2020-1472
CVE-2020-15563
CVE-2020-15565
CVE-2020-15566
CVE-2020-15567
CVE-2020-15663
CVE-2020-15664
CVE-2020-15670
CVE-2020-1712
CVE-2020-1720
CVE-2020-1749
CVE-2020-8169
CVE-2020-8177
CVE-2020-8647
CVE-2020-8648
CVE-2020-8649
CVE-2020-9383
SUSE-SU-2019:3192-1
SUSE-SU-2020:0045-1
SUSE-SU-2020:0234-1
SUSE-SU-2020:0335-1
SUSE-SU-2020:0589-1
SUSE-SU-2020:0836-1
SUSE-SU-2020:1554-1
SUSE-SU-2020:1957-1
SUSE-SU-2020:2143-1
SUSE-SU-2020:2713-1
SUSE-SU-2020:2719-1
SUSE-SU-2020:3151-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for additional PackageHub packages 15
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Public Cloud 15 SP1
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • ecryptfs-utils-61-1.35 is installed
  • OR ecryptfs-utils-32bit-61-1.35 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND cifs-utils-6.4-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND clamav-0.98.7-13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • DirectFB-1.7.1-6 is installed
  • OR lib++dfb-1_7-1-1.7.1-6 is installed
  • OR libdirectfb-1_7-1-1.7.1-6 is installed
  • OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • alsa-1.0.27.2-15 is installed
  • OR libasound2-1.0.27.2-15 is installed
  • OR libasound2-32bit-1.0.27.2-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • krb5-1.12.5-40.28 is installed
  • OR krb5-32bit-1.12.5-40.28 is installed
  • OR krb5-client-1.12.5-40.28 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed
  • AND Package Information
  • opencv-3.3.1-6.6 is installed
  • OR python2-opencv-3.3.1-6.6 is installed
  • OR python3-opencv-3.3.1-6.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND apache-commons-httpclient-3.1-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for High Performance Computing 15 SP1 is installed
  • AND Package Information
  • libnss_slurm2-20.02.3-3.8 is installed
  • OR libpmi0_20_02-20.02.3-3.8 is installed
  • OR libslurm35-20.02.3-3.8 is installed
  • OR perl-slurm_20_02-20.02.3-3.8 is installed
  • OR slurm_20_02-20.02.3-3.8 is installed
  • OR slurm_20_02-auth-none-20.02.3-3.8 is installed
  • OR slurm_20_02-config-20.02.3-3.8 is installed
  • OR slurm_20_02-config-man-20.02.3-3.8 is installed
  • OR slurm_20_02-devel-20.02.3-3.8 is installed
  • OR slurm_20_02-doc-20.02.3-3.8 is installed
  • OR slurm_20_02-lua-20.02.3-3.8 is installed
  • OR slurm_20_02-munge-20.02.3-3.8 is installed
  • OR slurm_20_02-node-20.02.3-3.8 is installed
  • OR slurm_20_02-pam_slurm-20.02.3-3.8 is installed
  • OR slurm_20_02-plugins-20.02.3-3.8 is installed
  • OR slurm_20_02-slurmdbd-20.02.3-3.8 is installed
  • OR slurm_20_02-sql-20.02.3-3.8 is installed
  • OR slurm_20_02-sview-20.02.3-3.8 is installed
  • OR slurm_20_02-torque-20.02.3-3.8 is installed
  • OR slurm_20_02-webdoc-20.02.3-3.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-150_32-default-6-2 is installed
  • OR kernel-livepatch-SLE15_Update_13-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • libpython2_7-1_0-32bit-2.7.17-7.32 is installed
  • OR python-2.7.17-7.32 is installed
  • OR python-32bit-2.7.17-7.32 is installed
  • OR python-base-2.7.17-7.32 is installed
  • OR python-base-32bit-2.7.17-7.32 is installed
  • OR python-demo-2.7.17-7.32 is installed
  • OR python-doc-2.7.17-7.32 is installed
  • OR python-doc-pdf-2.7.17-7.32 is installed
  • OR python-idle-2.7.17-7.32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • curl-7.66.0-4.3 is installed
  • OR curl-mini-7.66.0-4.3 is installed
  • OR libcurl-devel-32bit-7.66.0-4.3 is installed
  • OR libcurl-mini-devel-7.66.0-4.3 is installed
  • OR libcurl4-mini-7.66.0-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
  • AND cni-plugins-0.8.6-3.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND Package Information
  • libecpg6-10.12-4.19 is installed
  • OR postgresql10-10.12-4.19 is installed
  • OR postgresql10-contrib-10.12-4.19 is installed
  • OR postgresql10-devel-10.12-4.19 is installed
  • OR postgresql10-docs-10.12-4.19 is installed
  • OR postgresql10-plperl-10.12-4.19 is installed
  • OR postgresql10-plpython-10.12-4.19 is installed
  • OR postgresql10-pltcl-10.12-4.19 is installed
  • OR postgresql10-server-10.12-4.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • gnutls-3.2.15-11 is installed
  • OR libgnutls-openssl27-3.2.15-11 is installed
  • OR libgnutls28-3.2.15-11 is installed
  • OR libgnutls28-32bit-3.2.15-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • openvpn-2.3.8-16.17 is installed
  • OR openvpn-auth-pam-plugin-2.3.8-16.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • gnome-shell-3.20.4-70 is installed
  • OR gnome-shell-browser-plugin-3.20.4-70 is installed
  • OR gnome-shell-lang-3.20.4-70 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • perl-5.18.2-12.14 is installed
  • OR perl-32bit-5.18.2-12.14 is installed
  • OR perl-base-5.18.2-12.14 is installed
  • OR perl-doc-5.18.2-12.14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed
  • OR openssl-1.0.2j-60.30 is installed
  • OR openssl-doc-1.0.2j-60.30 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_120-92_70-default-4-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_20-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • aaa_base-13.2+git20140911.61c1681-36 is installed
  • OR aaa_base-extras-13.2+git20140911.61c1681-36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • glibc-2.22-62.22 is installed
  • OR glibc-32bit-2.22-62.22 is installed
  • OR glibc-devel-2.22-62.22 is installed
  • OR glibc-devel-32bit-2.22-62.22 is installed
  • OR glibc-html-2.22-62.22 is installed
  • OR glibc-i18ndata-2.22-62.22 is installed
  • OR glibc-info-2.22-62.22 is installed
  • OR glibc-locale-2.22-62.22 is installed
  • OR glibc-locale-32bit-2.22-62.22 is installed
  • OR glibc-profile-2.22-62.22 is installed
  • OR glibc-profile-32bit-2.22-62.22 is installed
  • OR nscd-2.22-62.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libspice-server1-0.12.8-6 is installed
  • OR spice-0.12.8-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND libzypp-16.19.0-2.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND Package Information
  • xen-4.10.4_12-3.35 is installed
  • OR xen-devel-4.10.4_12-3.35 is installed
  • OR xen-libs-4.10.4_12-3.35 is installed
  • OR xen-tools-4.10.4_12-3.35 is installed
  • OR xen-tools-domU-4.10.4_12-3.35 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND Package Information
  • java-11-openjdk-11.0.8.0-3.45 is installed
  • OR java-11-openjdk-demo-11.0.8.0-3.45 is installed
  • OR java-11-openjdk-devel-11.0.8.0-3.45 is installed
  • OR java-11-openjdk-headless-11.0.8.0-3.45 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • LibVNCServer-0.9.10-4.19 is installed
  • OR libvncclient0-0.9.10-4.19 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND python-Jinja2-2.7.3-15 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ansible-2.2.3.0-5 is installed
  • OR monasca-installer-20170912_10.45-5 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND python-Django-1.11.23-3.12 is installed
    • BACK