Oval Definition:oval:org.opensuse.security:def:52248
Revision Date:2020-12-01Version:1
Title:Security update for apache-commons-httpclient (Important)
Description:

This update for apache-commons-httpclient fixes the following issues:

- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
Family:unixClass:patch
Status:Reference(s):1050549
1051510
1055117
1061840
1065600
1065729
1071995
1083647
1083710
1088810
1093733
1094301
1101776
1101777
1101786
1101788
1101791
1101794
1101800
1101802
1101804
1101810
1102247
1105392
1106514
1111647
1111666
1112178
1112504
1114279
1117740
1118338
1119222
1121231
1121232
1121233
1121234
1121235
1123080
1127034
1127315
1127367
1127369
1127370
1129770
1130972
1131941
1131945
1133021
1133147
1134097
1134390
1134399
1135335
1135642
1136021
1137458
1137534
1137535
1137584
1137609
1137827
1139358
1140025
1140133
1140322
1140652
1140903
1140945
1141401
1141402
1141452
1141453
1141454
1141478
1141980
1142023
1142112
1142220
1142221
1142254
1142350
1142351
1142354
1142359
1142450
1142685
1142701
1142868
1143003
1143045
1143105
1143185
1143189
1143191
1143507
1144162
1150690
1156288
1157424
1157480
1157966
1158013
1158505
1159271
1160218
1160790
1160979
1161052
1161088
1161089
1161360
1161670
1161702
1161907
1162557
1162617
1162618
1162619
1162623
1162928
1162943
1163206
1163383
1163384
1163762
1163774
1163836
1163840
1163841
1163842
1163843
1163844
1163845
1163846
1163849
1163850
1163851
1163852
1163853
1163855
1163856
1163857
1163858
1163859
1163860
1163861
1163862
1163863
1163867
1163869
1163880
1163971
1164051
1164069
1164098
1164115
1164314
1164315
1164388
1164471
1164598
1164632
1164705
1164712
1164727
1164728
1164729
1164730
1164731
1164732
1164733
1164734
1164735
1165241
1165710
1174230
1175070
1175071
1175074
1176384
1176756
1176899
1177977
1178171
945190
957624
CVE-2002-2443
CVE-2009-0844
CVE-2009-0845
CVE-2009-0846
CVE-2009-0847
CVE-2009-3295
CVE-2009-4212
CVE-2009-5029
CVE-2010-0283
CVE-2010-0628
CVE-2010-1320
CVE-2010-1321
CVE-2010-1322
CVE-2010-1323
CVE-2010-1324
CVE-2010-4020
CVE-2010-4021
CVE-2010-4022
CVE-2011-0281
CVE-2011-0282
CVE-2011-0284
CVE-2011-0285
CVE-2011-1527
CVE-2011-1528
CVE-2011-1529
CVE-2011-1530
CVE-2012-0035
CVE-2012-1012
CVE-2012-1013
CVE-2012-1016
CVE-2012-2737
CVE-2012-3406
CVE-2012-3466
CVE-2012-4412
CVE-2013-0242
CVE-2013-1415
CVE-2013-1417
CVE-2013-1418
CVE-2013-1914
CVE-2013-2207
CVE-2013-4237
CVE-2013-4242
CVE-2013-4332
CVE-2013-4458
CVE-2013-7423
CVE-2014-0475
CVE-2014-3421
CVE-2014-3422
CVE-2014-3423
CVE-2014-3424
CVE-2014-3577
CVE-2014-3591
CVE-2014-4043
CVE-2014-4341
CVE-2014-4342
CVE-2014-4343
CVE-2014-4344
CVE-2014-4345
CVE-2014-5119
CVE-2014-5351
CVE-2014-6040
CVE-2014-7204
CVE-2014-7817
CVE-2014-8121
CVE-2014-9092
CVE-2014-9402
CVE-2014-9761
CVE-2015-0837
CVE-2015-1472
CVE-2015-1473
CVE-2015-1781
CVE-2015-5262
CVE-2015-7511
CVE-2015-7547
CVE-2015-8776
CVE-2015-8777
CVE-2015-8778
CVE-2015-8779
CVE-2016-1234
CVE-2016-3075
CVE-2016-3706
CVE-2016-4429
CVE-2016-6313
CVE-2017-1000366
CVE-2017-1000408
CVE-2017-1000409
CVE-2017-12132
CVE-2017-12133
CVE-2017-15670
CVE-2017-15671
CVE-2017-15804
CVE-2017-16997
CVE-2017-18269
CVE-2017-5974
CVE-2017-5975
CVE-2017-5976
CVE-2017-5977
CVE-2017-5978
CVE-2017-5979
CVE-2017-5980
CVE-2017-5981
CVE-2017-8804
CVE-2018-1000001
CVE-2018-11236
CVE-2018-11237
CVE-2018-11354
CVE-2018-11355
CVE-2018-11356
CVE-2018-11357
CVE-2018-11358
CVE-2018-11359
CVE-2018-11360
CVE-2018-11361
CVE-2018-11362
CVE-2018-12086
CVE-2018-14339
CVE-2018-14340
CVE-2018-14341
CVE-2018-14342
CVE-2018-14343
CVE-2018-14344
CVE-2018-14367
CVE-2018-14368
CVE-2018-14369
CVE-2018-14370
CVE-2018-16056
CVE-2018-16057
CVE-2018-16058
CVE-2018-18225
CVE-2018-18226
CVE-2018-18227
CVE-2018-19622
CVE-2018-19623
CVE-2018-19624
CVE-2018-19625
CVE-2018-19626
CVE-2018-19627
CVE-2018-19628
CVE-2018-20855
CVE-2018-6485
CVE-2018-6551
CVE-2019-10894
CVE-2019-10895
CVE-2019-10896
CVE-2019-10897
CVE-2019-10898
CVE-2019-10899
CVE-2019-10900
CVE-2019-10901
CVE-2019-10902
CVE-2019-10903
CVE-2019-1125
CVE-2019-11810
CVE-2019-13619
CVE-2019-13631
CVE-2019-13648
CVE-2019-14283
CVE-2019-14284
CVE-2019-16319
CVE-2019-16785
CVE-2019-16786
CVE-2019-16789
CVE-2019-16792
CVE-2019-19553
CVE-2019-5716
CVE-2019-5717
CVE-2019-5718
CVE-2019-5719
CVE-2019-5721
CVE-2019-9208
CVE-2019-9209
CVE-2019-9214
CVE-2020-11984
CVE-2020-11993
CVE-2020-15673
CVE-2020-15676
CVE-2020-15677
CVE-2020-15678
CVE-2020-15683
CVE-2020-15969
CVE-2020-2732
CVE-2020-7044
CVE-2020-8648
CVE-2020-8992
CVE-2020-9428
CVE-2020-9429
CVE-2020-9430
CVE-2020-9431
CVE-2020-9490
SUSE-SU-2020:0688-1
SUSE-SU-2020:0693-1
SUSE-SU-2020:2344-1
SUSE-SU-2020:3091-1
SUSE-SU-2020:3269-1
Platform(s):openSUSE Leap 15.0
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • MozillaFirefox-60.0-lp150.2 is installed
  • OR MozillaFirefox-translations-common-60.0-lp150.2 is installed
  • OR MozillaFirefox-translations-other-60.0-lp150.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • MozillaFirefox-17.0.5esr-0.4 is installed
  • OR MozillaFirefox-branding-SLED-7-0.6.9 is installed
  • OR MozillaFirefox-translations-17.0.5esr-0.4 is installed
  • OR libfreebl3-3.14.3-0.4.3 is installed
  • OR libfreebl3-32bit-3.14.3-0.4.3 is installed
  • OR mozilla-nspr-4.9.6-0.3 is installed
  • OR mozilla-nspr-32bit-4.9.6-0.3 is installed
  • OR mozilla-nss-3.14.3-0.4.3 is installed
  • OR mozilla-nss-32bit-3.14.3-0.4.3 is installed
  • OR mozilla-nss-tools-3.14.3-0.4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • curl-7.19.7-1.46 is installed
  • OR libcurl4-7.19.7-1.46 is installed
  • OR libcurl4-32bit-7.19.7-1.46 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • krb5-1.12.1-6 is installed
  • OR krb5-32bit-1.12.1-6 is installed
  • OR krb5-client-1.12.1-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libjpeg-turbo-1.3.1-30 is installed
  • OR libjpeg62-62.1.0-30 is installed
  • OR libjpeg62-32bit-62.1.0-30 is installed
  • OR libjpeg62-turbo-1.3.1-30 is installed
  • OR libjpeg8-8.0.2-30 is installed
  • OR libjpeg8-32bit-8.0.2-30 is installed
  • OR libturbojpeg0-8.0.2-30 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND ctags-5.8-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • accountsservice-0.6.42-14 is installed
  • OR accountsservice-lang-0.6.42-14 is installed
  • OR libaccountsservice0-0.6.42-14 is installed
  • OR typelib-1_0-AccountsService-1_0-0.6.42-14 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • emacs-24.3-25.3 is installed
  • OR emacs-info-24.3-25.3 is installed
  • OR emacs-x11-24.3-25.3 is installed
  • OR etags-24.3-25.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • apache-commons-httpclient-3.1-4.3 is installed
  • OR apache-commons-httpclient-demo-3.1-4.3 is installed
  • OR apache-commons-httpclient-javadoc-3.1-4.3 is installed
  • OR apache-commons-httpclient-manual-3.1-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND libjansson4-2.7-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND sudo-1.8.10p3-2.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND libgypsy0-0.9-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • MozillaFirefox-52.9.0esr-109.38 is installed
  • OR MozillaFirefox-devel-52.9.0esr-109.38 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.20-30.36 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • apache2-2.4.23-29.24 is installed
  • OR apache2-doc-2.4.23-29.24 is installed
  • OR apache2-example-pages-2.4.23-29.24 is installed
  • OR apache2-prefork-2.4.23-29.24 is installed
  • OR apache2-utils-2.4.23-29.24 is installed
  • OR apache2-worker-2.4.23-29.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • at-3.1.14-7 is installed
  • OR flex-2.5.37-8 is installed
  • OR flex-32bit-2.5.37-8 is installed
  • OR libQtWebKit4-4.8.6+2.3.3-3 is installed
  • OR libQtWebKit4-32bit-4.8.6+2.3.3-3 is installed
  • OR libbonobo-2.32.1-16 is installed
  • OR libbonobo-32bit-2.32.1-16 is installed
  • OR libbonobo-doc-2.32.1-16 is installed
  • OR libbonobo-lang-2.32.1-16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • perl-5.18.2-12.20 is installed
  • OR perl-32bit-5.18.2-12.20 is installed
  • OR perl-base-5.18.2-12.20 is installed
  • OR perl-doc-5.18.2-12.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • libopenssl-devel-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-32bit-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-1.0.2j-60.55 is installed
  • OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.55 is installed
  • OR openssl-1.0.2j-60.55 is installed
  • OR openssl-doc-1.0.2j-60.55 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libsoup-2.62.2-5.7 is installed
  • OR libsoup-2_4-1-2.62.2-5.7 is installed
  • OR libsoup-2_4-1-32bit-2.62.2-5.7 is installed
  • OR libsoup-lang-2.62.2-5.7 is installed
  • OR typelib-1_0-Soup-2_4-2.62.2-5.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • kernel-firmware-20180525-3 is installed
  • OR ucode-amd-20180525-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND Package Information
  • libmaxminddb-1.4.2-1.3 is installed
  • OR libmaxminddb-devel-1.4.2-1.3 is installed
  • OR libmaxminddb0-1.4.2-1.3 is installed
  • OR libmaxminddb0-32bit-1.4.2-1.3 is installed
  • OR libspandsp2-0.0.6-3.2 is installed
  • OR libwireshark13-3.2.2-3.35 is installed
  • OR libwiretap10-3.2.2-3.35 is installed
  • OR libwsutil11-3.2.2-3.35 is installed
  • OR mmdblookup-1.4.2-1.3 is installed
  • OR spandsp-0.0.6-3.2 is installed
  • OR wireshark-3.2.2-3.35 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND Package Information
  • apache2-2.4.33-3.33 is installed
  • OR apache2-devel-2.4.33-3.33 is installed
  • OR apache2-doc-2.4.33-3.33 is installed
  • OR apache2-prefork-2.4.33-3.33 is installed
  • OR apache2-utils-2.4.33-3.33 is installed
  • OR apache2-worker-2.4.33-3.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-150.32 is installed
  • OR kernel-default-extra-4.12.14-150.32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • MozillaThunderbird-78.4.0-3.99 is installed
  • OR MozillaThunderbird-translations-common-78.4.0-3.99 is installed
  • OR MozillaThunderbird-translations-other-78.4.0-3.99 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • openstack-nova-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-api-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-cells-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-cert-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-compute-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-conductor-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-console-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-consoleauth-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-doc-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-novncproxy-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-placement-api-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-scheduler-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-serialproxy-14.0.10~dev13-4.11 is installed
  • OR openstack-nova-vncproxy-14.0.10~dev13-4.11 is installed
  • OR python-nova-14.0.10~dev13-4.11 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ansible-2.4.6.0-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ruby2.1-rubygem-loofah-2.0.2-3.8 is installed
  • OR rubygem-loofah-2.0.2-3.8 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND python-Django1-1.11.20-3.6 is installed
    • BACK