OVAL Reference oval:org.opensuse.security:def:5532

Oval Definition:

oval:org.opensuse.security:def:5532

Revision Date:	2020-12-02	Version:	1
Title:	Security update for apache-commons-httpclient (Important)
Description:	This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
Family:	unix	Class:	patch
Status:		Reference(s):	1163985 1178171 945190 CVE-2009-0758 CVE-2009-0946 CVE-2009-1892 CVE-2009-4492 CVE-2010-0541 CVE-2010-1163 CVE-2010-1646 CVE-2010-2156 CVE-2010-2244 CVE-2010-2497 CVE-2010-2805 CVE-2010-3053 CVE-2010-3054 CVE-2010-3311 CVE-2010-3611 CVE-2010-3616 CVE-2010-3814 CVE-2010-3855 CVE-2011-0010 CVE-2011-0226 CVE-2011-0413 CVE-2011-0997 CVE-2011-1002 CVE-2011-1004 CVE-2011-1005 CVE-2011-1097 CVE-2011-2748 CVE-2011-2749 CVE-2011-3256 CVE-2011-3439 CVE-2011-3848 CVE-2011-3872 CVE-2011-4182 CVE-2011-4539 CVE-2011-4815 CVE-2011-4868 CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CVE-2012-2337 CVE-2012-3570 CVE-2012-3571 CVE-2012-3864 CVE-2012-3865 CVE-2012-3866 CVE-2012-3867 CVE-2012-3954 CVE-2012-3955 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 CVE-2013-1775 CVE-2013-1776 CVE-2013-2002 CVE-2013-2005 CVE-2013-2266 CVE-2013-3567 CVE-2013-4761 CVE-2013-4956 CVE-2014-0011 CVE-2014-2240 CVE-2014-2241 CVE-2014-2855 CVE-2014-3248 CVE-2014-3253 CVE-2014-3577 CVE-2014-8240 CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9659 CVE-2014-9660 CVE-2014-9661 CVE-2014-9662 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665 CVE-2014-9666 CVE-2014-9667 CVE-2014-9668 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 CVE-2015-0255 CVE-2015-3451 CVE-2015-5262 CVE-2015-8605 CVE-2016-1856 CVE-2016-1857 CVE-2016-4590 CVE-2016-4591 CVE-2016-4622 CVE-2016-4624 CVE-2016-6153 CVE-2020-1720 SUSE-SU-2020:0589-1 SUSE-SU-2020:3151-1
Platform(s):	openSUSE 13.1 openSUSE 13.1 NonFree SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for High Performance Computing 12 SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Point of Sale 12 SP2 SUSE Linux Enterprise Real Time Extension 11 SP3 SUSE Linux Enterprise Real Time Extension 12 SP2 SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2-LTSS SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE OpenStack Cloud 5	Product(s):
Definition Synopsis
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND Package Information openstack-ceilometer-2014.2.4.dev18-3.2 is installed OR openstack-ceilometer-agent-compute-2014.2.4.dev18-3.2 is installed OR openstack-neutron-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-dhcp-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-ha-tool-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-l3-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-lbaas-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-linuxbridge-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-metadata-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-metering-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-openvswitch-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-neutron-vpn-agent-2014.2.4~a0~dev78-7.2 is installed OR openstack-nova-2014.2.4~a0~dev61-6.2 is installed OR openstack-nova-compute-2014.2.4~a0~dev61-6.2 is installed OR openstack-suse-2014.2-5.1 is installed OR openstack-suse-sudo-2014.2-5.1 is installed OR python-ceilometer-2014.2.4.dev18-3.2 is installed OR python-neutron-2014.2.4~a0~dev78-7.2 is installed OR python-nova-2014.2.4~a0~dev61-6.2 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information MozillaFirefox-38.2.1esr-19.3 is installed OR MozillaFirefox-branding-SLED-31.0-0.12.51 is installed OR MozillaFirefox-translations-38.2.1esr-19.3 is installed OR libfreebl3-3.19.2.0-0.16.1 is installed OR libfreebl3-32bit-3.19.2.0-0.16.1 is installed OR libsoftokn3-3.19.2.0-0.16.1 is installed OR libsoftokn3-32bit-3.19.2.0-0.16.1 is installed OR mozilla-nss-3.19.2.0-0.16.1 is installed OR mozilla-nss-32bit-3.19.2.0-0.16.1 is installed OR mozilla-nss-tools-3.19.2.0-0.16.1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND puppet-3.6.2-3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information avahi-0.6.32-30 is installed OR avahi-lang-0.6.32-30 is installed OR libavahi-client3-0.6.32-30 is installed OR libavahi-client3-32bit-0.6.32-30 is installed OR libavahi-common3-0.6.32-30 is installed OR libavahi-common3-32bit-0.6.32-30 is installed OR libavahi-core7-0.6.32-30 is installed OR libdns_sd-0.6.32-30 is installed OR libdns_sd-32bit-0.6.32-30 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND binutils-2.26.1-9.12 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information ceph-common-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR libcephfs2-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR librados2-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR libradosstriper1-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR librbd1-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR librgw2-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR python-cephfs-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR python-rados-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR python-rbd-12.2.8+git.1536505967.080f2248ff-2.15 is installed OR python-rgw-12.2.8+git.1536505967.080f2248ff-2.15 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 is installed AND Package Information compat-libldap-2_3-0-2.3.37-16.1 is installed OR openldap2-2.4.39-16.1 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 SP1 is installed AND clamav-0.99.2-32.1 is installed
Definition Synopsis
SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND Package Information colord-gtk-lang-0.1.26-6 is installed OR libcolord-gtk1-0.1.26-6 is installed OR libcolord2-1.3.3-12 is installed OR libcolord2-32bit-1.3.3-12 is installed OR libcolorhug2-1.3.3-12 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 12 is installed AND sles12-docker-image-1.1.4-20171002 is installed
Definition Synopsis
SUSE Linux Enterprise Module for High Performance Computing 12 is installed AND Package Information libpmi0-17.02.10-6.16 is installed OR libslurm31-17.02.10-6.16 is installed OR perl-slurm-17.02.10-6.16 is installed OR slurm-17.02.10-6.16 is installed OR slurm-auth-none-17.02.10-6.16 is installed OR slurm-devel-17.02.10-6.16 is installed OR slurm-doc-17.02.10-6.16 is installed OR slurm-lua-17.02.10-6.16 is installed OR slurm-munge-17.02.10-6.16 is installed OR slurm-pam_slurm-17.02.10-6.16 is installed OR slurm-plugins-17.02.10-6.16 is installed OR slurm-sched-wiki-17.02.10-6.16 is installed OR slurm-slurmdb-direct-17.02.10-6.16 is installed OR slurm-slurmdbd-17.02.10-6.16 is installed OR slurm-sql-17.02.10-6.16 is installed OR slurm-torque-17.02.10-6.16 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 12 is installed AND Package Information java-1_6_0-ibm-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-fonts-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-jdbc-1.6.0_sr16.1-5 is installed OR java-1_6_0-ibm-plugin-1.6.0_sr16.1-5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 12 is installed AND Package Information kernel-ec2-3.12.44-52.18.1 is installed OR kernel-ec2-devel-3.12.44-52.18.1 is installed OR kernel-ec2-extra-3.12.44-52.18.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information nodejs6-6.9.5-7 is installed OR nodejs6-devel-6.9.5-7 is installed OR nodejs6-docs-6.9.5-7 is installed OR npm6-6.9.5-7 is installed
Definition Synopsis
SUSE Linux Enterprise Point of Sale 12 SP2 is installed AND Package Information salt-2016.11.4-46.7.1 is installed OR salt-minion-2016.11.4-46.7.1 is installed
Definition Synopsis
SUSE Linux Enterprise Real Time Extension 11 SP3 is installed AND Package Information kernel-rt-3.0.101.rt130-0.33.40.1 is installed OR kernel-rt-base-3.0.101.rt130-0.33.40.1 is installed OR kernel-rt-devel-3.0.101.rt130-0.33.40.1 is installed OR kernel-rt_trace-3.0.101.rt130-0.33.40.1 is installed OR kernel-rt_trace-base-3.0.101.rt130-0.33.40.1 is installed OR kernel-rt_trace-devel-3.0.101.rt130-0.33.40.1 is installed OR kernel-source-rt-3.0.101.rt130-0.33.40.1 is installed OR kernel-syms-rt-3.0.101.rt130-0.33.40.1 is installed
Definition Synopsis
SUSE Linux Enterprise Real Time Extension 12 SP2 is installed AND Package Information cluster-md-kmp-rt-4.4.95-21.1 is installed OR cluster-network-kmp-rt-4.4.95-21.1 is installed OR dlm-kmp-rt-4.4.95-21.1 is installed OR gfs2-kmp-rt-4.4.95-21.1 is installed OR kernel-devel-rt-4.4.95-21.1 is installed OR kernel-rt-4.4.95-21.1 is installed OR kernel-rt-base-4.4.95-21.1 is installed OR kernel-rt-devel-4.4.95-21.1 is installed OR kernel-rt_debug-4.4.95-21.1 is installed OR kernel-rt_debug-devel-4.4.95-21.1 is installed OR kernel-source-rt-4.4.95-21.1 is installed OR kernel-syms-rt-4.4.95-21.1 is installed OR ocfs2-kmp-rt-4.4.95-21.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP1-LTSS is installed AND Package Information libfreebl3-3.15.3-0.3.1 is installed OR libfreebl3-32bit-3.15.3-0.3.1 is installed OR mozilla-nspr-4.10.2-0.3.1 is installed OR mozilla-nspr-32bit-4.10.2-0.3.1 is installed OR mozilla-nss-3.15.3-0.3.1 is installed OR mozilla-nss-32bit-3.15.3-0.3.1 is installed OR mozilla-nss-tools-3.15.3-0.3.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Server 11 SP2 is installed AND dhcp-4.2.4.P2-0.11.13.1 is installed OR dhcp-client-4.2.4.P2-0.11.13.1 is installed OR dhcp-relay-4.2.4.P2-0.11.13.1 is installed OR dhcp-server-4.2.4.P2-0.11.13.1 is installed OR Package Information SUSE Linux Enterprise Server for VMWare 11 SP2 is installed AND dhcp-4.2.4.P2-0.11.13.1 is installed OR dhcp-client-4.2.4.P2-0.11.13.1 is installed OR dhcp-relay-4.2.4.P2-0.11.13.1 is installed OR dhcp-server-4.2.4.P2-0.11.13.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP2 is installed AND aaa_base-11-6.65.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP3 is installed AND Package Information avahi-0.6.23-11.30.4 is installed OR avahi-lang-0.6.23-11.30.4 is installed OR avahi-utils-0.6.23-11.30.4 is installed OR libavahi-client3-0.6.23-11.30.4 is installed OR libavahi-client3-32bit-0.6.23-11.30.4 is installed OR libavahi-client3-x86-0.6.23-11.30.4 is installed OR libavahi-common3-0.6.23-11.30.4 is installed OR libavahi-common3-32bit-0.6.23-11.30.4 is installed OR libavahi-common3-x86-0.6.23-11.30.4 is installed OR libavahi-core5-0.6.23-11.30.4 is installed OR libdns_sd-0.6.23-11.30.4 is installed OR libdns_sd-32bit-0.6.23-11.30.4 is installed OR libdns_sd-x86-0.6.23-11.30.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP4 is installed AND NetworkManager-gnome-0.7.1-5.22.28 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND apache2-mod_jk-1.2.40-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-9 is installed OR aaa_base-extras-13.2+git20140911.61c1681-9 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information bind-9.9.9P1-46 is installed OR bind-chrootenv-9.9.9P1-46 is installed OR bind-doc-9.9.9P1-46 is installed OR bind-libs-9.9.9P1-46 is installed OR bind-libs-32bit-9.9.9P1-46 is installed OR bind-utils-9.9.9P1-46 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information rsyslog-8.24.0-1 is installed OR rsyslog-diag-tools-8.24.0-1 is installed OR rsyslog-doc-8.24.0-1 is installed OR rsyslog-module-gssapi-8.24.0-1 is installed OR rsyslog-module-gtls-8.24.0-1 is installed OR rsyslog-module-mysql-8.24.0-1 is installed OR rsyslog-module-pgsql-8.24.0-1 is installed OR rsyslog-module-relp-8.24.0-1 is installed OR rsyslog-module-snmp-8.24.0-1 is installed OR rsyslog-module-udpspoof-8.24.0-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND apache-commons-httpclient-3.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed AND Package Information kernel-default-3.12.74-60.64.60 is installed OR kernel-default-base-3.12.74-60.64.60 is installed OR kernel-default-devel-3.12.74-60.64.60 is installed OR kernel-devel-3.12.74-60.64.60 is installed OR kernel-macros-3.12.74-60.64.60 is installed OR kernel-source-3.12.74-60.64.60 is installed OR kernel-syms-3.12.74-60.64.60 is installed OR kernel-xen-3.12.74-60.64.60 is installed OR kernel-xen-base-3.12.74-60.64.60 is installed OR kernel-xen-devel-3.12.74-60.64.60 is installed OR kgraft-patch-3_12_74-60_64_60-default-1-2 is installed OR kgraft-patch-3_12_74-60_64_60-xen-1-2 is installed OR kgraft-patch-SLE12-SP1_Update_21-1-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 15 is installed AND apache-commons-httpclient-3.1-4.3 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP2 is installed AND Package Information GraphicsMagick-1.2.5-4.33.1 is installed OR libGraphicsMagick2-1.2.5-4.33.1 is installed OR perl-GraphicsMagick-1.2.5-4.33.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP4 is installed AND libevent-devel-1.4.5-24.24.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 is installed AND apache2-devel-2.4.10-6 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND Package Information avahi-compat-howl-devel-0.6.31-20 is installed OR avahi-compat-mDNSResponder-devel-0.6.31-20 is installed OR libavahi-devel-0.6.31-20 is installed OR libhowl0-0.6.31-20 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP3 is installed AND mozilla-nss-devel-3.29.5-57 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP4 is installed AND accountsservice-devel-0.6.42-16.3 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 is installed AND Package Information ImageMagick-6.8.8.1-5 is installed OR libMagick++-6_Q16-3-6.8.8.1-5 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-5 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND cyrus-sasl-digestmd5-32bit-2.1.26-7 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND cyrus-sasl-digestmd5-32bit-2.1.26-7 is installed

BACK