Oval Definition:oval:org.opensuse.security:def:5386
Revision Date:2020-12-02Version:1
Title:Security update for apache-commons-httpclient (Important)
Description:

This update for apache-commons-httpclient fixes the following issues:

- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
Family:unixClass:patch
Status:Reference(s):1163102
1163103
1163104
1178171
945190
CVE-2002-2443
CVE-2006-0855
CVE-2007-1669
CVE-2009-0316
CVE-2009-0844
CVE-2009-0845
CVE-2009-0846
CVE-2009-0847
CVE-2009-1886
CVE-2009-1888
CVE-2009-2813
CVE-2009-2906
CVE-2009-2948
CVE-2009-3295
CVE-2009-4212
CVE-2010-0283
CVE-2010-0547
CVE-2010-0628
CVE-2010-0728
CVE-2010-0787
CVE-2010-0926
CVE-2010-1320
CVE-2010-1321
CVE-2010-1322
CVE-2010-1323
CVE-2010-1324
CVE-2010-1635
CVE-2010-1642
CVE-2010-2063
CVE-2010-3069
CVE-2010-4020
CVE-2010-4021
CVE-2010-4022
CVE-2011-0281
CVE-2011-0282
CVE-2011-0284
CVE-2011-0285
CVE-2011-0719
CVE-2011-1526
CVE-2011-1527
CVE-2011-1528
CVE-2011-1529
CVE-2011-1530
CVE-2011-2522
CVE-2011-2694
CVE-2011-4862
CVE-2012-0817
CVE-2012-0870
CVE-2012-1012
CVE-2012-1013
CVE-2012-1016
CVE-2012-1182
CVE-2012-2111
CVE-2012-3386
CVE-2012-6150
CVE-2013-0172
CVE-2013-0213
CVE-2013-0214
CVE-2013-0454
CVE-2013-1415
CVE-2013-1417
CVE-2013-1418
CVE-2013-1863
CVE-2013-1990
CVE-2013-1999
CVE-2013-2002
CVE-2013-2003
CVE-2013-2005
CVE-2013-2126
CVE-2013-2127
CVE-2013-4124
CVE-2013-4408
CVE-2013-4475
CVE-2013-4476
CVE-2013-4496
CVE-2013-6442
CVE-2013-7447
CVE-2014-0178
CVE-2014-0239
CVE-2014-0244
CVE-2014-3493
CVE-2014-3560
CVE-2014-3577
CVE-2014-3675
CVE-2014-3676
CVE-2014-3677
CVE-2014-4341
CVE-2014-4342
CVE-2014-4343
CVE-2014-4344
CVE-2014-4345
CVE-2014-5351
CVE-2014-5352
CVE-2014-5353
CVE-2014-5354
CVE-2014-5355
CVE-2014-5461
CVE-2014-8143
CVE-2014-9421
CVE-2014-9422
CVE-2014-9423
CVE-2015-0240
CVE-2015-2694
CVE-2015-2695
CVE-2015-2696
CVE-2015-2697
CVE-2015-3223
CVE-2015-5252
CVE-2015-5262
CVE-2015-5296
CVE-2015-5299
CVE-2015-5330
CVE-2015-5370
CVE-2015-7560
CVE-2015-8467
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2115
CVE-2016-2118
CVE-2016-2119
CVE-2016-6855
CVE-2019-15604
CVE-2019-15605
CVE-2019-15606
SUSE-SU-2020:0455-1
SUSE-SU-2020:3151-1
Platform(s):openSUSE 13.1
openSUSE 13.1 NonFree
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise for SAP 12
SUSE Linux Enterprise for SAP 12 SP1
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Live Patching 12
SUSE Linux Enterprise Live Patching 12 SP3
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Module for Legacy Software 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Module for Toolchain 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP2
SUSE OpenStack Cloud 5
Product(s):
Definition Synopsis
  • SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed
  • AND Package Information
  • python-keystoneclient-1.0.0-16.1 is installed
  • OR python-keystoneclient-doc-1.0.0-16.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • libpng12-0-1.2.31-5.35.1 is installed
  • OR libpng12-0-32bit-1.2.31-5.35.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • MozillaFirefox-38.3.0esr-22.1 is installed
  • OR MozillaFirefox-translations-38.3.0esr-22.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • gvim-7.4.326-2 is installed
  • OR vim-7.4.326-2 is installed
  • OR vim-data-7.4.326-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • eog-3.20.4-7 is installed
  • OR eog-lang-3.20.4-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • DirectFB-1.7.1-6 is installed
  • OR lib++dfb-1_7-1-1.7.1-6 is installed
  • OR libdirectfb-1_7-1-1.7.1-6 is installed
  • OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND argyllcms-1.6.3-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise for SAP 12 is installed
  • AND Package Information
  • kgraft-patch-3_12_60-52_49-default-2-2.2 is installed
  • OR kgraft-patch-3_12_60-52_49-xen-2-2.2 is installed
  • OR kgraft-patch-SLE12_Update_14-2-2.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise for SAP 12 SP1 is installed
  • AND Package Information
  • compat-openssl098-0.9.8j-102.1 is installed
  • OR libopenssl0_9_8-0.9.8j-102.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Performance Computing 12 SP5 is installed
  • AND Package Information
  • accountsservice-0.6.42-16.3 is installed
  • OR accountsservice-lang-0.6.42-16.3 is installed
  • OR libaccountsservice0-0.6.42-16.3 is installed
  • OR typelib-1_0-AccountsService-1_0-0.6.42-16.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 is installed
  • AND Package Information
  • kgraft-patch-4_4_49-92_11-default-2-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_5-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Live Patching 12 SP3 is installed
  • AND Package Information
  • kgraft-patch-4_4_82-6_3-default-2-2.1 is installed
  • OR kgraft-patch-SLE12-SP3_Update_1-2-2.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Advanced Systems Management 12 is installed
  • AND Package Information
  • ruby2.1-rubygem-puppet-4.8.1-32.3.1 is installed
  • OR rubygem-puppet-4.8.1-32.3.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 12 is installed
  • AND python-setuptools-1.1.7-7.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 12 is installed
  • AND Package Information
  • cups154-1.5.4-9.1 is installed
  • OR cups154-client-1.5.4-9.1 is installed
  • OR cups154-filters-1.5.4-9.1 is installed
  • OR cups154-libs-1.5.4-9.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 12 is installed
  • AND python-pycrypto-2.6.1-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Toolchain 12 is installed
  • AND Package Information
  • cpp5-5.3.1+r233831-9 is installed
  • OR gcc5-5.3.1+r233831-9 is installed
  • OR gcc5-c++-5.3.1+r233831-9 is installed
  • OR gcc5-fortran-5.3.1+r233831-9 is installed
  • OR gcc5-info-5.3.1+r233831-9 is installed
  • OR gcc5-locale-5.3.1+r233831-9 is installed
  • OR libffi-devel-gcc5-5.3.1+r233831-9 is installed
  • OR libstdc++6-devel-gcc5-5.3.1+r233831-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 12 is installed
  • AND apache2-mod_wsgi-4.4.13-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 is installed
  • AND wireshark-1.0.5-1.27.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP2 is installed
  • AND Package Information
  • OpenEXR-1.6.1-83.17.1 is installed
  • OR OpenEXR-32bit-1.6.1-83.17.1 is installed
  • OR OpenEXR-x86-1.6.1-83.17.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP3 is installed
  • AND apache2-mod_perl-2.0.4-40.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 11 SP4 is installed
  • AND quagga-0.99.15-0.14.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • automake-1.13.4-4 is installed
  • OR m4-1.4.16-15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • MozillaFirefox-38.4.0esr-51 is installed
  • OR MozillaFirefox-translations-38.4.0esr-51 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libass-0.10.2-3.1 is installed
  • OR libass5-0.10.2-3.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • libgoa-1_0-0-3.20.5-9 is installed
  • OR libgoa-backend-1_0-1-3.20.5-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • apache2-2.4.23-29.24 is installed
  • OR apache2-doc-2.4.23-29.24 is installed
  • OR apache2-example-pages-2.4.23-29.24 is installed
  • OR apache2-prefork-2.4.23-29.24 is installed
  • OR apache2-utils-2.4.23-29.24 is installed
  • OR apache2-worker-2.4.23-29.24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12-LTSS is installed
  • AND Package Information
  • ctdb-4.2.4-18.41.1 is installed
  • OR libdcerpc-binding0-4.2.4-18.41.1 is installed
  • OR libdcerpc-binding0-32bit-4.2.4-18.41.1 is installed
  • OR libdcerpc0-4.2.4-18.41.1 is installed
  • OR libdcerpc0-32bit-4.2.4-18.41.1 is installed
  • OR libgensec0-4.2.4-18.41.1 is installed
  • OR libgensec0-32bit-4.2.4-18.41.1 is installed
  • OR libndr-krb5pac0-4.2.4-18.41.1 is installed
  • OR libndr-krb5pac0-32bit-4.2.4-18.41.1 is installed
  • OR libndr-nbt0-4.2.4-18.41.1 is installed
  • OR libndr-nbt0-32bit-4.2.4-18.41.1 is installed
  • OR libndr-standard0-4.2.4-18.41.1 is installed
  • OR libndr-standard0-32bit-4.2.4-18.41.1 is installed
  • OR libndr0-4.2.4-18.41.1 is installed
  • OR libndr0-32bit-4.2.4-18.41.1 is installed
  • OR libnetapi0-4.2.4-18.41.1 is installed
  • OR libnetapi0-32bit-4.2.4-18.41.1 is installed
  • OR libregistry0-4.2.4-18.41.1 is installed
  • OR libsamba-credentials0-4.2.4-18.41.1 is installed
  • OR libsamba-credentials0-32bit-4.2.4-18.41.1 is installed
  • OR libsamba-hostconfig0-4.2.4-18.41.1 is installed
  • OR libsamba-hostconfig0-32bit-4.2.4-18.41.1 is installed
  • OR libsamba-passdb0-4.2.4-18.41.1 is installed
  • OR libsamba-passdb0-32bit-4.2.4-18.41.1 is installed
  • OR libsamba-util0-4.2.4-18.41.1 is installed
  • OR libsamba-util0-32bit-4.2.4-18.41.1 is installed
  • OR libsamdb0-4.2.4-18.41.1 is installed
  • OR libsamdb0-32bit-4.2.4-18.41.1 is installed
  • OR libsmbclient-raw0-4.2.4-18.41.1 is installed
  • OR libsmbclient-raw0-32bit-4.2.4-18.41.1 is installed
  • OR libsmbclient0-4.2.4-18.41.1 is installed
  • OR libsmbclient0-32bit-4.2.4-18.41.1 is installed
  • OR libsmbconf0-4.2.4-18.41.1 is installed
  • OR libsmbconf0-32bit-4.2.4-18.41.1 is installed
  • OR libsmbldap0-4.2.4-18.41.1 is installed
  • OR libsmbldap0-32bit-4.2.4-18.41.1 is installed
  • OR libtevent-util0-4.2.4-18.41.1 is installed
  • OR libtevent-util0-32bit-4.2.4-18.41.1 is installed
  • OR libwbclient0-4.2.4-18.41.1 is installed
  • OR libwbclient0-32bit-4.2.4-18.41.1 is installed
  • OR samba-4.2.4-18.41.1 is installed
  • OR samba-32bit-4.2.4-18.41.1 is installed
  • OR samba-client-4.2.4-18.41.1 is installed
  • OR samba-client-32bit-4.2.4-18.41.1 is installed
  • OR samba-doc-4.2.4-18.41.1 is installed
  • OR samba-libs-4.2.4-18.41.1 is installed
  • OR samba-libs-32bit-4.2.4-18.41.1 is installed
  • OR samba-winbind-4.2.4-18.41.1 is installed
  • OR samba-winbind-32bit-4.2.4-18.41.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND apache-commons-httpclient-3.1-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND Package Information
  • apache-commons-daemon-1.0.15-4 is installed
  • OR apache-commons-daemon-javadoc-1.0.15-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • AND Package Information
  • kgraft-patch-3_12_61-52_72-default-2-3 is installed
  • OR kgraft-patch-3_12_61-52_72-xen-2-3 is installed
  • OR kgraft-patch-SLE12_Update_21-2-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed
  • AND Package Information
  • evince-3.10.3-2.3 is installed
  • OR evince-lang-3.10.3-2.3 is installed
  • OR libevdocument3-4-3.10.3-2.3 is installed
  • OR libevview3-3-3.10.3-2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
  • AND Package Information
  • PackageKit-devel-0.3.14-2.30.11 is installed
  • OR hal-devel-0.5.12-23.76.1 is installed
  • OR libpackagekit-glib10-devel-0.3.14-2.30.11 is installed
  • OR libpackagekit-qt10-0.3.14-2.30.11 is installed
  • OR libpackagekit-qt10-devel-0.3.14-2.30.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 is installed
  • AND ctdb-devel-2.5.3-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
  • AND graphite2-devel-1.3.1-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • AND Package Information
  • DirectFB-devel-1.7.1-6 is installed
  • OR lib++dfb-devel-1.7.1-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 is installed
  • AND Package Information
  • flash-player-11.2.202.425-19.1 is installed
  • OR flash-player-gnome-11.2.202.425-19.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP1 is installed
  • AND Package Information
  • gimp-2.8.10-7.8 is installed
  • OR gimp-lang-2.8.10-7.8 is installed
  • OR gimp-plugins-python-2.8.10-7.8 is installed
  • OR libgimp-2_0-0-2.8.10-7.8 is installed
  • OR libgimpui-2_0-0-2.8.10-7.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP2 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-59.1 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-59.1 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-59.1 is installed
    • BACK