Oval Definition:	oval:org.opensuse.security:def:52490
Revision Date: 2020-12-01 Version: 1 Title: Security update for apache-commons-httpclient (Important) Description: This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Family: unix Class: patch Status: Reference(s): 1013712 1046305 1046306 1046307 1051510 1065600 1081917 1083647 1086288 1086315 1086317 1086327 1086331 1086906 1087092 1090888 1097104 1097577 1097583 1097584 1097585 1097586 1097587 1097588 1097808 1100132 1101480 1101669 1101822 1102517 1102715 1103269 1103277 1103363 1103445 1103886 1104353 1104365 1104427 1104482 1104494 1104495 1104683 1104708 1104777 1104890 1104897 1105292 1105296 1105322 1105355 1105378 1105396 1105467 1105731 1178171 1178894 802154 945190 971975 CVE-2007-4772 CVE-2007-6600 CVE-2008-4225 CVE-2008-4226 CVE-2008-4409 CVE-2009-2666 CVE-2009-4034 CVE-2009-4136 CVE-2010-1167 CVE-2010-1169 CVE-2010-1170 CVE-2010-2547 CVE-2010-2947 CVE-2010-3433 CVE-2011-1947 CVE-2011-3172 CVE-2011-3389 CVE-2011-4182 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-2143 CVE-2012-2655 CVE-2012-3482 CVE-2012-3488 CVE-2012-3489 CVE-2012-5134 CVE-2013-0255 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2013-1982 CVE-2013-4314 CVE-2013-4351 CVE-2013-4402 CVE-2013-6369 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2014-3577 CVE-2014-3634 CVE-2014-4617 CVE-2015-1606 CVE-2015-1607 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-5262 CVE-2015-5288 CVE-2015-5289 CVE-2016-0766 CVE-2016-0773 CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-2193 CVE-2016-3065 CVE-2016-3627 CVE-2016-3705 CVE-2016-4483 CVE-2016-9798 CVE-2017-15098 CVE-2017-15099 CVE-2017-7467 CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 CVE-2018-1053 CVE-2018-1058 CVE-2018-10853 CVE-2018-10902 CVE-2018-10915 CVE-2018-10925 CVE-2018-1115 CVE-2018-15572 CVE-2018-9363 CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 SUSE-SU-2018:2539-1 SUSE-SU-2019:3046-1 SUSE-SU-2020:3528-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND dracut-044.1-lp150.13 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libopenssl-1_1-devel-1.1.0i-lp151.8.3 is installed OR libopenssl-1_1-devel-32bit-1.1.0i-lp151.8.3 is installed OR libopenssl1_1-1.1.0i-lp151.8.3 is installed OR libopenssl1_1-32bit-1.1.0i-lp151.8.3 is installed OR libopenssl1_1-hmac-1.1.0i-lp151.8.3 is installed OR libopenssl1_1-hmac-32bit-1.1.0i-lp151.8.3 is installed OR openssl-1_1-1.1.0i-lp151.8.3 is installed OR openssl-1_1-doc-1.1.0i-lp151.8.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information libvirt-0.9.6-0.21 is installed OR libvirt-client-0.9.6-0.21 is installed OR libvirt-client-32bit-0.9.6-0.21 is installed OR libvirt-doc-0.9.6-0.21 is installed OR libvirt-python-0.9.6-0.21 is installed OR virt-manager-0.9.0-3.19 is installed OR vm-install-0.5.10-0.5 is installed OR xen-4.1.2_20-0.5 is installed OR xen-doc-html-4.1.2_20-0.5 is installed OR xen-doc-pdf-4.1.2_20-0.5 is installed OR xen-kmp-default-4.1.2_20_3.0.38_0.5-0.5 is installed OR xen-kmp-trace-4.1.2_20_3.0.38_0.5-0.5 is installed OR xen-libs-4.1.2_20-0.5 is installed OR xen-libs-32bit-4.1.2_20-0.5 is installed OR xen-tools-4.1.2_20-0.5 is installed OR xen-tools-domU-4.1.2_20-0.5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information krb5-1.6.3-133.49.66 is installed OR krb5-32bit-1.6.3-133.49.66 is installed OR krb5-client-1.6.3-133.49.66 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND fetchmail-6.3.26-5 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libHX28-3.18-1 is installed OR libHX28-32bit-3.18-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libXext6-1.3.2-3 is installed OR libXext6-32bit-1.3.2-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information gpg2-2.0.24-8 is installed OR gpg2-lang-2.0.24-8 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libecpg6-10.5-1.3 is installed OR libpq5-10.5-1.3 is installed OR libpq5-32bit-10.5-1.3 is installed OR postgresql10-10.5-1.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 is installed AND Package Information kernel-default-4.12.14-25.16 is installed OR reiserfs-kmp-default-4.12.14-25.16 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information apache-commons-httpclient-3.1-11.3 is installed OR apache-commons-httpclient-demo-3.1-11.3 is installed OR apache-commons-httpclient-javadoc-3.1-11.3 is installed OR apache-commons-httpclient-manual-3.1-11.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information liblcms1-1.19-17 is installed OR liblcms1-32bit-1.19-17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_69-60_64_29-default-6-2 is installed OR kgraft-patch-3_12_69-60_64_29-xen-6-2 is installed OR kgraft-patch-SLE12-SP1_Update_12-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information jasper-1.900.14-194 is installed OR libjasper1-1.900.14-194 is installed OR libjasper1-32bit-1.900.14-194 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information java-1_7_0-openjdk-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-demo-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-devel-1.7.0.181-43.15 is installed OR java-1_7_0-openjdk-headless-1.7.0.181-43.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information perl-5.18.2-12.14 is installed OR perl-32bit-5.18.2-12.14 is installed OR perl-base-5.18.2-12.14 is installed OR perl-doc-5.18.2-12.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_121-92_73-default-2-2 is installed OR kgraft-patch-SLE12-SP2_Update_21-2-2 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 12 SP3 is installed AND MozillaFirefox-60.7.2-109.80 is installed OR MozillaFirefox-translations-common-60.7.2-109.80 is installed OR Package Information SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND MozillaFirefox-60.7.2-109.80 is installed OR MozillaFirefox-translations-common-60.7.2-109.80 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gnome-keyring-3.20.0-27 is installed OR gnome-keyring-32bit-3.20.0-27 is installed OR gnome-keyring-lang-3.20.0-27 is installed OR gnome-keyring-pam-3.20.0-27 is installed OR gnome-keyring-pam-32bit-3.20.0-27 is installed OR libgck-modules-gnome-keyring-3.20.0-27 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information java-1_7_0-openjdk-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-demo-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-devel-1.7.0.241-43.30 is installed OR java-1_7_0-openjdk-headless-1.7.0.241-43.30 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND ucode-intel-20190618-13.47 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information curl-7.37.0-37.43 is installed OR libcurl4-7.37.0-37.43 is installed OR libcurl4-32bit-7.37.0-37.43 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND axis-1.4-290.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information alsa-1.0.27.2-15 is installed OR alsa-docs-1.0.27.2-15 is installed OR libasound2-1.0.27.2-15 is installed OR libasound2-32bit-1.0.27.2-15 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information bluez-5.48-5.19 is installed OR bluez-cups-5.48-5.19 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information MozillaThunderbird-78.5.0-3.107 is installed OR MozillaThunderbird-translations-common-78.5.0-3.107 is installed OR MozillaThunderbird-translations-other-78.5.0-3.107 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information kernel-default-3.12.74-60.64.63 is installed OR kernel-default-base-3.12.74-60.64.63 is installed OR kernel-default-devel-3.12.74-60.64.63 is installed OR kernel-devel-3.12.74-60.64.63 is installed OR kernel-macros-3.12.74-60.64.63 is installed OR kernel-source-3.12.74-60.64.63 is installed OR kernel-syms-3.12.74-60.64.63 is installed OR kernel-xen-3.12.74-60.64.63 is installed OR kernel-xen-base-3.12.74-60.64.63 is installed OR kernel-xen-devel-3.12.74-60.64.63 is installed OR kgraft-patch-3_12_74-60_64_63-default-1-2 is installed OR kgraft-patch-3_12_74-60_64_63-xen-1-2 is installed OR kgraft-patch-SLE12-SP1_Update_22-1-2 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND clamav-0.100.2-33.18 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND ucode-intel-20190618-13.47 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND python-urllib3-1.23-3.6 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND python-Django1-1.11.20-3.6 is installed
BACK