OVAL Reference oval:org.opensuse.security:def:51000

Oval Definition:

oval:org.opensuse.security:def:51000

Revision Date:	2020-12-01	Version:	1
Title:	Security update for apache-commons-httpclient (Important)
Description:	This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
Family:	unix	Class:	patch
Status:		Reference(s):	1058115 1071995 1082318 1115375 1119454 1131233 1131237 1131239 1131241 1131245 1133297 1136446 1137597 1140747 1141025 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789 1146090 1146091 1146093 1146094 1146095 1146097 1146099 1146100 1151317 1151612 1154366 1154999 1158257 1165629 1165631 1169134 1170487 1171862 1171988 1172380 1172428 1173477 1173691 1173694 1173700 1173701 1173743 1173798 1173874 1173875 1173876 1173880 1174091 1174205 1174591 1174757 1175061 1175112 1175122 1175128 1175204 1175213 1175240 1175476 1175515 1175518 1175691 1175781 1175992 1176069 1177211 1177843 1178171 945190 CVE-2014-3577 CVE-2015-5262 CVE-2017-18922 CVE-2018-21247 CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 CVE-2019-11043 CVE-2019-11477 CVE-2019-11478 CVE-2019-14562 CVE-2019-20839 CVE-2019-20840 CVE-2019-20907 CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-2842 CVE-2019-3846 CVE-2019-7317 CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 CVE-2020-10135 CVE-2020-10756 CVE-2020-12823 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-14386 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-16166 CVE-2020-1749 CVE-2020-24394 CVE-2020-25660 CVE-2020-26116 SUSE-SU-2019:0873-1 SUSE-SU-2019:2021-1 SUSE-SU-2019:2259-1 SUSE-SU-2019:2819-1 SUSE-SU-2019:2982-1 SUSE-SU-2020:1915-1 SUSE-SU-2020:1922-1 SUSE-SU-2020:1930-1 SUSE-SU-2020:2610-1 SUSE-SU-2020:3115-1 SUSE-SU-2020:3152-1
Platform(s):	SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Containers 15 SP2 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Python2 packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information MozillaFirefox-17.0.9esr-0.3 is installed OR MozillaFirefox-translations-17.0.9esr-0.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information libecpg6-9.1.15-0.3 is installed OR libpq5-9.1.15-0.3 is installed OR libpq5-32bit-9.1.15-0.3 is installed OR postgresql91-9.1.15-0.3 is installed OR postgresql91-docs-9.1.15-0.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND Package Information libgcrypt20-1.6.1-9 is installed OR libgcrypt20-32bit-1.6.1-9 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND argyllcms-1.6.3-1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information bzip2-1.0.6-29 is installed OR libbz2-1-1.0.6-29 is installed OR libbz2-1-32bit-1.0.6-29 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information alsa-1.0.27.2-15 is installed OR libasound2-1.0.27.2-15 is installed OR libasound2-32bit-1.0.27.2-15 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information cpio-2.11-36.3 is installed OR cpio-lang-2.11-36.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed AND Package Information php7-7.2.5-4.46 is installed OR php7-embed-7.2.5-4.46 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND apache-commons-httpclient-3.1-11.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 15 SP2 is installed AND slirp4netns-0.4.7-3.12 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information java-1_8_0-openjdk-1.8.0.222-3.24 is installed OR java-1_8_0-openjdk-demo-1.8.0.222-3.24 is installed OR java-1_8_0-openjdk-devel-1.8.0.222-3.24 is installed OR java-1_8_0-openjdk-headless-1.8.0.222-3.24 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_25-default-5-2 is installed OR kernel-livepatch-SLE15_Update_7-5-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information libzstd-devel-static-1.4.4-1.3 is installed OR zstd-1.4.4-1.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed AND Package Information python-2.7.17-7.44 is installed OR python-base-2.7.17-7.44 is installed OR python-curses-2.7.17-7.44 is installed OR python-devel-2.7.17-7.44 is installed OR python-gdbm-2.7.17-7.44 is installed OR python-xml-2.7.17-7.44 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information apache2-2.4.33-3.15 is installed OR apache2-devel-2.4.33-3.15 is installed OR apache2-doc-2.4.33-3.15 is installed OR apache2-prefork-2.4.33-3.15 is installed OR apache2-utils-2.4.33-3.15 is installed OR apache2-worker-2.4.33-3.15 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs10-10.16.3-1.12 is installed OR nodejs10-devel-10.16.3-1.12 is installed OR nodejs10-docs-10.16.3-1.12 is installed OR npm10-10.16.3-1.12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND ppc64-diag-2.6.9-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_40-default-5-4 is installed OR kgraft-patch-3_12_74-60_64_40-xen-5-4 is installed OR kgraft-patch-SLE12-SP1_Update_15-5-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information colord-gtk-lang-0.1.26-6 is installed OR libcolord-gtk1-0.1.26-6 is installed OR libcolord2-1.3.3-10 is installed OR libcolord2-32bit-1.3.3-10 is installed OR libcolorhug2-1.3.3-10 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information bzip2-1.0.6-30.8 is installed OR bzip2-doc-1.0.6-30.8 is installed OR libbz2-1-1.0.6-30.8 is installed OR libbz2-1-32bit-1.0.6-30.8 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information libopenssl-devel-1.0.2j-60.30 is installed OR libopenssl1_0_0-1.0.2j-60.30 is installed OR libopenssl1_0_0-32bit-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-1.0.2j-60.30 is installed OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.30 is installed OR openssl-1.0.2j-60.30 is installed OR openssl-doc-1.0.2j-60.30 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND ucode-intel-20180703-13.25 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information coreutils-8.25-12 is installed OR coreutils-lang-8.25-12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libecpg6-10.9-1.12 is installed OR libpq5-10.9-1.12 is installed OR libpq5-32bit-10.9-1.12 is installed OR postgresql10-10.9-1.12 is installed OR postgresql10-contrib-10.9-1.12 is installed OR postgresql10-docs-10.9-1.12 is installed OR postgresql10-libs-10.9-1.12 is installed OR postgresql10-plperl-10.9-1.12 is installed OR postgresql10-plpython-10.9-1.12 is installed OR postgresql10-pltcl-10.9-1.12 is installed OR postgresql10-server-10.9-1.12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information ibus-1.5.13-15.11 is installed OR ibus-gtk-1.5.13-15.11 is installed OR ibus-gtk3-1.5.13-15.11 is installed OR ibus-lang-1.5.13-15.11 is installed OR libibus-1_0-5-1.5.13-15.11 is installed OR typelib-1_0-IBus-1_0-1.5.13-15.11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_156-94_64-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_20-6-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information MozillaFirefox-60.7.2-109.80 is installed OR MozillaFirefox-translations-common-60.7.2-109.80 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information ghostscript-9.25-23.13 is installed OR ghostscript-x11-9.25-23.13 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information kernel-default-4.12.14-150.58 is installed OR kernel-default-base-4.12.14-150.58 is installed OR kernel-default-devel-4.12.14-150.58 is installed OR kernel-devel-4.12.14-150.58 is installed OR kernel-docs-4.12.14-150.58 is installed OR kernel-macros-4.12.14-150.58 is installed OR kernel-obs-build-4.12.14-150.58 is installed OR kernel-source-4.12.14-150.58 is installed OR kernel-syms-4.12.14-150.58 is installed OR kernel-vanilla-4.12.14-150.58 is installed OR kernel-vanilla-base-4.12.14-150.58 is installed OR reiserfs-kmp-default-4.12.14-150.58 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND enigmail-2.1.2-3.19 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND Package Information dnsmasq-2.71-13 is installed OR dnsmasq-utils-2.71-13 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information nodejs-common-1.0-2 is installed OR nodejs6-6.11.1-11.5 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information evince-3.20.2-6.27 is installed OR evince-browser-plugin-3.20.2-6.27 is installed OR evince-lang-3.20.2-6.27 is installed OR evince-plugin-djvudocument-3.20.2-6.27 is installed OR evince-plugin-dvidocument-3.20.2-6.27 is installed OR evince-plugin-pdfdocument-3.20.2-6.27 is installed OR evince-plugin-psdocument-3.20.2-6.27 is installed OR evince-plugin-tiffdocument-3.20.2-6.27 is installed OR evince-plugin-xpsdocument-3.20.2-6.27 is installed OR libevdocument3-4-3.20.2-6.27 is installed OR libevview3-3-3.20.2-6.27 is installed OR nautilus-evince-3.20.2-6.27 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND ucode-intel-20190618-13.47 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information crowbar-core-6.0+git.1573825081.b1caf60f1-3.16 is installed OR crowbar-core-branding-upstream-6.0+git.1573825081.b1caf60f1-3.16 is installed OR crowbar-openstack-6.0+git.1573754820.dd036ef77-3.16 is installed OR crowbar-ui-1.3.0+git.1572871359.50fc6087-14 is installed OR openstack-barbican-7.0.1~dev21-3.3 is installed OR openstack-barbican-api-7.0.1~dev21-3.3 is installed OR openstack-barbican-keystone-listener-7.0.1~dev21-3.3 is installed OR openstack-barbican-retry-7.0.1~dev21-3.3 is installed OR openstack-barbican-worker-7.0.1~dev21-3.3 is installed OR openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.3 is installed OR openstack-keystone-14.1.1~dev28-3.16 is installed OR openstack-neutron-13.0.6~dev8-3.16 is installed OR openstack-neutron-dhcp-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-gbp-5.0.1~dev476-3.13 is installed OR openstack-neutron-ha-tool-13.0.6~dev8-3.16 is installed OR openstack-neutron-l3-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-lbaas-13.0.1~dev16-3.13 is installed OR openstack-neutron-lbaas-agent-13.0.1~dev16-3.13 is installed OR openstack-neutron-linuxbridge-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-macvtap-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-metadata-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-metering-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-openvswitch-agent-13.0.6~dev8-3.16 is installed OR openstack-neutron-server-13.0.6~dev8-3.16 is installed OR openstack-nova-18.2.4~dev22-3.16 is installed OR openstack-nova-api-18.2.4~dev22-3.16 is installed OR openstack-nova-cells-18.2.4~dev22-3.16 is installed OR openstack-nova-compute-18.2.4~dev22-3.16 is installed OR openstack-nova-conductor-18.2.4~dev22-3.16 is installed OR openstack-nova-console-18.2.4~dev22-3.16 is installed OR openstack-nova-novncproxy-18.2.4~dev22-3.16 is installed OR openstack-nova-placement-api-18.2.4~dev22-3.16 is installed OR openstack-nova-scheduler-18.2.4~dev22-3.16 is installed OR openstack-nova-serialproxy-18.2.4~dev22-3.16 is installed OR openstack-nova-vncproxy-18.2.4~dev22-3.16 is installed OR openstack-octavia-3.2.1~dev3-3.16 is installed OR openstack-octavia-amphora-agent-3.2.1~dev3-3.16 is installed OR openstack-octavia-api-3.2.1~dev3-3.16 is installed OR openstack-octavia-health-manager-3.2.1~dev3-3.16 is installed OR openstack-octavia-housekeeping-3.2.1~dev3-3.16 is installed OR openstack-octavia-worker-3.2.1~dev3-3.16 is installed OR openstack-sahara-9.0.2~dev14-3.6 is installed OR openstack-sahara-api-9.0.2~dev14-3.6 is installed OR openstack-sahara-engine-9.0.2~dev14-3.6 is installed OR python-barbican-7.0.1~dev21-3.3 is installed OR python-keystone-14.1.1~dev28-3.16 is installed OR python-neutron-13.0.6~dev8-3.16 is installed OR python-neutron-gbp-5.0.1~dev476-3.13 is installed OR python-neutron-lbaas-13.0.1~dev16-3.13 is installed OR python-nova-18.2.4~dev22-3.16 is installed OR python-octavia-3.2.1~dev3-3.16 is installed OR python-psutil-5.4.6-3.3 is installed OR python-sahara-9.0.2~dev14-3.6 is installed OR release-notes-suse-openstack-cloud-9.20191025-3.15 is installed

BACK