Oval Definition:oval:org.opensuse.security:def:53707
Revision Date:2020-12-01Version:1
Title:Security update for apache-commons-httpclient (Important)
Description:

This update for apache-commons-httpclient fixes the following issues:

- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
Family:unixClass:patch
Status:Reference(s):1017646
1023067
1023069
1023070
1023071
1023380
1027778
1027782
1027787
1032017
1032018
1032019
1035534
1035596
1037739
1046848
1050305
1060354
1060355
1060360
1060361
1060362
1060364
1075772
1084894
1088262
1088263
1091606
1091772
1092699
1094359
1095601
1095639
1096673
1098891
1099031
1137595
1138872
1178171
900214
900218
929414
945190
958791
961491
965875
982779
CVE-2008-3825
CVE-2009-0035
CVE-2009-1384
CVE-2013-1983
CVE-2014-3577
CVE-2014-3693
CVE-2015-3622
CVE-2015-5262
CVE-2015-8540
CVE-2016-0739
CVE-2016-10087
CVE-2016-10198
CVE-2016-10199
CVE-2016-1544
CVE-2016-4008
CVE-2016-7944
CVE-2016-9634
CVE-2016-9635
CVE-2016-9636
CVE-2016-9807
CVE-2016-9808
CVE-2016-9810
CVE-2017-10672
CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
CVE-2017-5840
CVE-2017-5841
CVE-2017-5845
CVE-2017-5852
CVE-2017-5853
CVE-2017-5854
CVE-2017-5855
CVE-2017-5886
CVE-2017-6840
CVE-2017-6844
CVE-2017-6847
CVE-2017-7378
CVE-2017-7379
CVE-2017-7380
CVE-2017-7994
CVE-2017-8054
CVE-2017-8787
CVE-2018-10583
CVE-2018-1116
CVE-2018-5308
CVE-2018-8001
CVE-2019-11703
CVE-2019-11704
CVE-2019-11705
CVE-2019-11706
CVE-2019-11707
CVE-2019-11708
SUSE-SU-2016:0625-1
SUSE-SU-2016:1601-1
SUSE-SU-2017:0860-1
SUSE-SU-2017:2618-1
SUSE-SU-2018:0123-1
SUSE-SU-2018:2163-1
SUSE-SU-2018:2481-1
SUSE-SU-2018:2485-1
SUSE-SU-2019:1683-1
SUSE-SU-2020:3151-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • cron-4.2-lp150.2 is installed
  • OR cronie-1.5.1-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • apache2-mod_php7-7.2.5-lp151.6.3 is installed
  • OR php7-7.2.5-lp151.6.3 is installed
  • OR php7-bcmath-7.2.5-lp151.6.3 is installed
  • OR php7-bz2-7.2.5-lp151.6.3 is installed
  • OR php7-calendar-7.2.5-lp151.6.3 is installed
  • OR php7-ctype-7.2.5-lp151.6.3 is installed
  • OR php7-curl-7.2.5-lp151.6.3 is installed
  • OR php7-dba-7.2.5-lp151.6.3 is installed
  • OR php7-devel-7.2.5-lp151.6.3 is installed
  • OR php7-dom-7.2.5-lp151.6.3 is installed
  • OR php7-embed-7.2.5-lp151.6.3 is installed
  • OR php7-enchant-7.2.5-lp151.6.3 is installed
  • OR php7-exif-7.2.5-lp151.6.3 is installed
  • OR php7-fastcgi-7.2.5-lp151.6.3 is installed
  • OR php7-fileinfo-7.2.5-lp151.6.3 is installed
  • OR php7-firebird-7.2.5-lp151.6.3 is installed
  • OR php7-fpm-7.2.5-lp151.6.3 is installed
  • OR php7-ftp-7.2.5-lp151.6.3 is installed
  • OR php7-gd-7.2.5-lp151.6.3 is installed
  • OR php7-gettext-7.2.5-lp151.6.3 is installed
  • OR php7-gmp-7.2.5-lp151.6.3 is installed
  • OR php7-iconv-7.2.5-lp151.6.3 is installed
  • OR php7-intl-7.2.5-lp151.6.3 is installed
  • OR php7-json-7.2.5-lp151.6.3 is installed
  • OR php7-ldap-7.2.5-lp151.6.3 is installed
  • OR php7-mbstring-7.2.5-lp151.6.3 is installed
  • OR php7-mysql-7.2.5-lp151.6.3 is installed
  • OR php7-odbc-7.2.5-lp151.6.3 is installed
  • OR php7-opcache-7.2.5-lp151.6.3 is installed
  • OR php7-openssl-7.2.5-lp151.6.3 is installed
  • OR php7-pcntl-7.2.5-lp151.6.3 is installed
  • OR php7-pdo-7.2.5-lp151.6.3 is installed
  • OR php7-pear-7.2.5-lp151.6.3 is installed
  • OR php7-pear-Archive_Tar-7.2.5-lp151.6.3 is installed
  • OR php7-pgsql-7.2.5-lp151.6.3 is installed
  • OR php7-phar-7.2.5-lp151.6.3 is installed
  • OR php7-posix-7.2.5-lp151.6.3 is installed
  • OR php7-readline-7.2.5-lp151.6.3 is installed
  • OR php7-shmop-7.2.5-lp151.6.3 is installed
  • OR php7-snmp-7.2.5-lp151.6.3 is installed
  • OR php7-soap-7.2.5-lp151.6.3 is installed
  • OR php7-sockets-7.2.5-lp151.6.3 is installed
  • OR php7-sodium-7.2.5-lp151.6.3 is installed
  • OR php7-sqlite-7.2.5-lp151.6.3 is installed
  • OR php7-sysvmsg-7.2.5-lp151.6.3 is installed
  • OR php7-sysvsem-7.2.5-lp151.6.3 is installed
  • OR php7-sysvshm-7.2.5-lp151.6.3 is installed
  • OR php7-testresults-7.2.5-lp151.6.3 is installed
  • OR php7-tidy-7.2.5-lp151.6.3 is installed
  • OR php7-tokenizer-7.2.5-lp151.6.3 is installed
  • OR php7-wddx-7.2.5-lp151.6.3 is installed
  • OR php7-xmlreader-7.2.5-lp151.6.3 is installed
  • OR php7-xmlrpc-7.2.5-lp151.6.3 is installed
  • OR php7-xmlwriter-7.2.5-lp151.6.3 is installed
  • OR php7-xsl-7.2.5-lp151.6.3 is installed
  • OR php7-zip-7.2.5-lp151.6.3 is installed
  • OR php7-zlib-7.2.5-lp151.6.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • vm-install-0.5.12-0.5 is installed
  • OR xen-4.1.3_02-0.5 is installed
  • OR xen-doc-html-4.1.3_02-0.5 is installed
  • OR xen-doc-pdf-4.1.3_02-0.5 is installed
  • OR xen-kmp-default-4.1.3_02_3.0.38_0.5-0.5 is installed
  • OR xen-kmp-trace-4.1.3_02_3.0.38_0.5-0.5 is installed
  • OR xen-libs-4.1.3_02-0.5 is installed
  • OR xen-libs-32bit-4.1.3_02-0.5 is installed
  • OR xen-tools-4.1.3_02-0.5 is installed
  • OR xen-tools-domU-4.1.3_02-0.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • cpio-2.9-75.78 is installed
  • OR cpio-lang-2.9-75.78 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • dhcp-4.2.4.P2-0.24 is installed
  • OR dhcp-client-4.2.4.P2-0.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • libreoffice-4.3.3.2-6 is installed
  • OR libreoffice-base-4.3.3.2-6 is installed
  • OR libreoffice-base-drivers-mysql-4.3.3.2-6 is installed
  • OR libreoffice-base-drivers-postgresql-4.3.3.2-6 is installed
  • OR libreoffice-calc-4.3.3.2-6 is installed
  • OR libreoffice-calc-extensions-4.3.3.2-6 is installed
  • OR libreoffice-draw-4.3.3.2-6 is installed
  • OR libreoffice-filters-optional-4.3.3.2-6 is installed
  • OR libreoffice-gnome-4.3.3.2-6 is installed
  • OR libreoffice-icon-theme-tango-4.3.3.2-6 is installed
  • OR libreoffice-impress-4.3.3.2-6 is installed
  • OR libreoffice-l10n-af-4.3.3.2-6 is installed
  • OR libreoffice-l10n-ar-4.3.3.2-6 is installed
  • OR libreoffice-l10n-ca-4.3.3.2-6 is installed
  • OR libreoffice-l10n-cs-4.3.3.2-6 is installed
  • OR libreoffice-l10n-da-4.3.3.2-6 is installed
  • OR libreoffice-l10n-de-4.3.3.2-6 is installed
  • OR libreoffice-l10n-en-4.3.3.2-6 is installed
  • OR libreoffice-l10n-es-4.3.3.2-6 is installed
  • OR libreoffice-l10n-fi-4.3.3.2-6 is installed
  • OR libreoffice-l10n-fr-4.3.3.2-6 is installed
  • OR libreoffice-l10n-gu-4.3.3.2-6 is installed
  • OR libreoffice-l10n-hi-4.3.3.2-6 is installed
  • OR libreoffice-l10n-hu-4.3.3.2-6 is installed
  • OR libreoffice-l10n-it-4.3.3.2-6 is installed
  • OR libreoffice-l10n-ja-4.3.3.2-6 is installed
  • OR libreoffice-l10n-ko-4.3.3.2-6 is installed
  • OR libreoffice-l10n-nb-4.3.3.2-6 is installed
  • OR libreoffice-l10n-nl-4.3.3.2-6 is installed
  • OR libreoffice-l10n-nn-4.3.3.2-6 is installed
  • OR libreoffice-l10n-pl-4.3.3.2-6 is installed
  • OR libreoffice-l10n-pt-BR-4.3.3.2-6 is installed
  • OR libreoffice-l10n-pt-PT-4.3.3.2-6 is installed
  • OR libreoffice-l10n-ru-4.3.3.2-6 is installed
  • OR libreoffice-l10n-sk-4.3.3.2-6 is installed
  • OR libreoffice-l10n-sv-4.3.3.2-6 is installed
  • OR libreoffice-l10n-xh-4.3.3.2-6 is installed
  • OR libreoffice-l10n-zh-Hans-4.3.3.2-6 is installed
  • OR libreoffice-l10n-zh-Hant-4.3.3.2-6 is installed
  • OR libreoffice-l10n-zu-4.3.3.2-6 is installed
  • OR libreoffice-mailmerge-4.3.3.2-6 is installed
  • OR libreoffice-math-4.3.3.2-6 is installed
  • OR libreoffice-officebean-4.3.3.2-6 is installed
  • OR libreoffice-pyuno-4.3.3.2-6 is installed
  • OR libreoffice-writer-4.3.3.2-6 is installed
  • OR libreoffice-writer-extensions-4.3.3.2-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libssh-0.6.3-11 is installed
  • OR libssh4-0.6.3-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND dnsmasq-2.78-18.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • libpolkit0-0.113-5.9 is installed
  • OR libpolkit0-32bit-0.113-5.9 is installed
  • OR polkit-0.113-5.9 is installed
  • OR typelib-1_0-Polkit-1_0-0.113-5.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • alsa-1.0.27.2-15 is installed
  • OR libasound2-1.0.27.2-15 is installed
  • OR libasound2-32bit-1.0.27.2-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND apache2-mod_jk-1.2.40-5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_62-60_64_8-default-12-4 is installed
  • OR kgraft-patch-3_12_62-60_64_8-xen-12-4 is installed
  • OR kgraft-patch-SLE12-SP1_Update_8-12-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • cpp48-4.8.5-30 is installed
  • OR gcc48-4.8.5-30 is installed
  • OR gcc48-32bit-4.8.5-30 is installed
  • OR gcc48-c++-4.8.5-30 is installed
  • OR gcc48-info-4.8.5-30 is installed
  • OR gcc48-locale-4.8.5-30 is installed
  • OR libasan0-4.8.5-30 is installed
  • OR libasan0-32bit-4.8.5-30 is installed
  • OR libstdc++48-devel-4.8.5-30 is installed
  • OR libstdc++48-devel-32bit-4.8.5-30 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • libwireshark9-2.4.9-48.29 is installed
  • OR libwiretap7-2.4.9-48.29 is installed
  • OR libwscodecs1-2.4.9-48.29 is installed
  • OR libwsutil8-2.4.9-48.29 is installed
  • OR wireshark-2.4.9-48.29 is installed
  • OR wireshark-gtk-2.4.9-48.29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • openssh-7.2p2-74.25 is installed
  • OR openssh-askpass-gnome-7.2p2-74.25 is installed
  • OR openssh-fips-7.2p2-74.25 is installed
  • OR openssh-helpers-7.2p2-74.25 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • krb5-appl-clients-1.0.3-1 is installed
  • OR krb5-appl-servers-1.0.3-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • postgresql96-9.6.17-3.33 is installed
  • OR postgresql96-contrib-9.6.17-3.33 is installed
  • OR postgresql96-docs-9.6.17-3.33 is installed
  • OR postgresql96-libs-9.6.17-3.33 is installed
  • OR postgresql96-plperl-9.6.17-3.33 is installed
  • OR postgresql96-plpython-9.6.17-3.33 is installed
  • OR postgresql96-pltcl-9.6.17-3.33 is installed
  • OR postgresql96-server-9.6.17-3.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_178-94_91-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_25-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_162-94_72-default-5-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_22-5-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • openslp-2.0.0-18.15 is installed
  • OR openslp-32bit-2.0.0-18.15 is installed
  • OR openslp-server-2.0.0-18.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cups-filters-1.0.58-19.2 is installed
  • OR cups-filters-cups-browsed-1.0.58-19.2 is installed
  • OR cups-filters-foomatic-rip-1.0.58-19.2 is installed
  • OR cups-filters-ghostscript-1.0.58-19.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND apache-commons-httpclient-3.1-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • MozillaThunderbird-60.7.2-3.43 is installed
  • OR MozillaThunderbird-translations-common-60.7.2-3.43 is installed
  • OR MozillaThunderbird-translations-other-60.7.2-3.43 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND python-pycrypto-2.6.1-2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • ghostscript-9.26a-23.22 is installed
  • OR ghostscript-x11-9.26a-23.22 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • strongswan-5.1.3-26.13 is installed
  • OR strongswan-doc-5.1.3-26.13 is installed
  • OR strongswan-hmac-5.1.3-26.13 is installed
  • OR strongswan-ipsec-5.1.3-26.13 is installed
  • OR strongswan-libs0-5.1.3-26.13 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND slf4j-1.7.12-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • crowbar-core-6.0+git.1573825081.b1caf60f1-3.16 is installed
  • OR crowbar-core-branding-upstream-6.0+git.1573825081.b1caf60f1-3.16 is installed
  • OR crowbar-openstack-6.0+git.1573754820.dd036ef77-3.16 is installed
  • OR crowbar-ui-1.3.0+git.1572871359.50fc6087-14 is installed
  • OR openstack-barbican-7.0.1~dev21-3.3 is installed
  • OR openstack-barbican-api-7.0.1~dev21-3.3 is installed
  • OR openstack-barbican-keystone-listener-7.0.1~dev21-3.3 is installed
  • OR openstack-barbican-retry-7.0.1~dev21-3.3 is installed
  • OR openstack-barbican-worker-7.0.1~dev21-3.3 is installed
  • OR openstack-heat-templates-0.0.0+git.1553459627.948e8cc-3.3 is installed
  • OR openstack-keystone-14.1.1~dev28-3.16 is installed
  • OR openstack-neutron-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-dhcp-agent-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-gbp-5.0.1~dev476-3.13 is installed
  • OR openstack-neutron-ha-tool-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-l3-agent-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-lbaas-13.0.1~dev16-3.13 is installed
  • OR openstack-neutron-lbaas-agent-13.0.1~dev16-3.13 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-macvtap-agent-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-metadata-agent-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-metering-agent-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.6~dev8-3.16 is installed
  • OR openstack-neutron-server-13.0.6~dev8-3.16 is installed
  • OR openstack-nova-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-api-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-cells-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-compute-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-conductor-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-console-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-novncproxy-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-placement-api-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-scheduler-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-serialproxy-18.2.4~dev22-3.16 is installed
  • OR openstack-nova-vncproxy-18.2.4~dev22-3.16 is installed
  • OR openstack-octavia-3.2.1~dev3-3.16 is installed
  • OR openstack-octavia-amphora-agent-3.2.1~dev3-3.16 is installed
  • OR openstack-octavia-api-3.2.1~dev3-3.16 is installed
  • OR openstack-octavia-health-manager-3.2.1~dev3-3.16 is installed
  • OR openstack-octavia-housekeeping-3.2.1~dev3-3.16 is installed
  • OR openstack-octavia-worker-3.2.1~dev3-3.16 is installed
  • OR openstack-sahara-9.0.2~dev14-3.6 is installed
  • OR openstack-sahara-api-9.0.2~dev14-3.6 is installed
  • OR openstack-sahara-engine-9.0.2~dev14-3.6 is installed
  • OR python-barbican-7.0.1~dev21-3.3 is installed
  • OR python-keystone-14.1.1~dev28-3.16 is installed
  • OR python-neutron-13.0.6~dev8-3.16 is installed
  • OR python-neutron-gbp-5.0.1~dev476-3.13 is installed
  • OR python-neutron-lbaas-13.0.1~dev16-3.13 is installed
  • OR python-nova-18.2.4~dev22-3.16 is installed
  • OR python-octavia-3.2.1~dev3-3.16 is installed
  • OR python-psutil-5.4.6-3.3 is installed
  • OR python-sahara-9.0.2~dev14-3.6 is installed
  • OR release-notes-suse-openstack-cloud-9.20191025-3.15 is installed
    • BACK