Oval Definition:	oval:org.opensuse.security:def:58358
Revision Date: 2020-12-01 Version: 1 Title: Security update for apache-commons-httpclient (Important) Description: This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Family: unix Class: patch Status: Reference(s): 1005179 1007216 1008501 1008894 1014338 1016168 1016169 1029907 1029908 1029909 1030296 1030297 1030298 1030584 1030585 1030588 1030589 1031590 1031593 1031595 1031638 1031644 1031656 1037052 1037057 1037061 1037066 1037273 1041783 1042802 1042803 1043088 1044891 1044897 1044901 1044909 1044925 1044927 1044947 1045719 1045721 1065643 1065689 1065693 1068032 1068640 1068643 1068887 1068888 1068950 1069176 1069202 1074741 1077745 1079103 1079741 1080556 1081527 1083528 1083532 1084878 1085784 1086608 1086784 1086786 1086788 1087200 1090997 1091015 1091365 1091368 1092497 1097108 1099306 1102840 1106913 1109412 1109413 1109414 1109465 1111331 1111996 1112534 1112535 1113247 1113252 1113255 1116827 1117473 1117665 1118830 1118831 1120640 1121034 1121035 1121056 1123482 1124525 1133131 1133232 1133810 1135966 1135967 1137865 1138743 1139073 1139550 1140671 1140868 1141035 1141054 1141913 1142772 1144338 1144903 1145477 1145665 1146285 1146361 1146378 1146391 1146413 1146425 1146512 1146514 1146516 1146519 1146584 1147122 1148394 1148938 1149323 1149376 1149522 1149527 1149555 1149612 1149849 1150025 1150112 1150223 1150452 1150457 1150465 1150466 1151347 1151350 1152685 1152782 1152788 1153158 1154372 1154849 1155671 1155898 1155988 1156187 1160039 1160968 1170601 1171863 1171864 1171866 1178171 945190 947494 949942 966891 977940 982141 982331 985232 987144 987176 988361 990438 990531 994399 999688 CVE-2014-3577 CVE-2014-9749 CVE-2014-9939 CVE-2015-5262 CVE-2016-10002 CVE-2016-10003 CVE-2016-10906 CVE-2016-5009 CVE-2016-5011 CVE-2017-15938 CVE-2017-15939 CVE-2017-15996 CVE-2017-16826 CVE-2017-16827 CVE-2017-16828 CVE-2017-16829 CVE-2017-16830 CVE-2017-16831 CVE-2017-16832 CVE-2017-18509 CVE-2017-18595 CVE-2017-6965 CVE-2017-6966 CVE-2017-6969 CVE-2017-7209 CVE-2017-7210 CVE-2017-7223 CVE-2017-7224 CVE-2017-7225 CVE-2017-7226 CVE-2017-7299 CVE-2017-7300 CVE-2017-7301 CVE-2017-7302 CVE-2017-7303 CVE-2017-7304 CVE-2017-7508 CVE-2017-7511 CVE-2017-7515 CVE-2017-7520 CVE-2017-7521 CVE-2017-8392 CVE-2017-8393 CVE-2017-8394 CVE-2017-8396 CVE-2017-8421 CVE-2017-9406 CVE-2017-9408 CVE-2017-9746 CVE-2017-9747 CVE-2017-9748 CVE-2017-9750 CVE-2017-9755 CVE-2017-9756 CVE-2017-9775 CVE-2017-9776 CVE-2018-1000876 CVE-2018-10372 CVE-2018-10373 CVE-2018-10534 CVE-2018-10535 CVE-2018-10853 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12207 CVE-2018-17358 CVE-2018-17359 CVE-2018-17360 CVE-2018-17985 CVE-2018-18309 CVE-2018-18483 CVE-2018-18484 CVE-2018-18605 CVE-2018-18606 CVE-2018-18607 CVE-2018-19931 CVE-2018-19932 CVE-2018-20623 CVE-2018-20651 CVE-2018-20671 CVE-2018-20976 CVE-2018-3646 CVE-2018-6323 CVE-2018-6543 CVE-2018-6759 CVE-2018-6872 CVE-2018-7208 CVE-2018-7568 CVE-2018-7569 CVE-2018-7570 CVE-2018-7642 CVE-2018-7643 CVE-2018-8945 CVE-2019-0154 CVE-2019-0155 CVE-2019-1010180 CVE-2019-10220 CVE-2019-11091 CVE-2019-11135 CVE-2019-11139 CVE-2019-11709 CVE-2019-11710 CVE-2019-11711 CVE-2019-11712 CVE-2019-11713 CVE-2019-11714 CVE-2019-11715 CVE-2019-11716 CVE-2019-11717 CVE-2019-11718 CVE-2019-11719 CVE-2019-11720 CVE-2019-11721 CVE-2019-11723 CVE-2019-11724 CVE-2019-11725 CVE-2019-11727 CVE-2019-11728 CVE-2019-11729 CVE-2019-11730 CVE-2019-11733 CVE-2019-11735 CVE-2019-11736 CVE-2019-11738 CVE-2019-11740 CVE-2019-11742 CVE-2019-11743 CVE-2019-11744 CVE-2019-11746 CVE-2019-11747 CVE-2019-11748 CVE-2019-11749 CVE-2019-11750 CVE-2019-11751 CVE-2019-11752 CVE-2019-11753 CVE-2019-13272 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14834 CVE-2019-14835 CVE-2019-15098 CVE-2019-15211 CVE-2019-15212 CVE-2019-15214 CVE-2019-15215 CVE-2019-15216 CVE-2019-15217 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15290 CVE-2019-15291 CVE-2019-15505 CVE-2019-15666 CVE-2019-15807 CVE-2019-15902 CVE-2019-15924 CVE-2019-15926 CVE-2019-15927 CVE-2019-16231 CVE-2019-16232 CVE-2019-16233 CVE-2019-16234 CVE-2019-16413 CVE-2019-16995 CVE-2019-17055 CVE-2019-17056 CVE-2019-17133 CVE-2019-17666 CVE-2019-18680 CVE-2019-18805 CVE-2019-9456 CVE-2019-9506 CVE-2019-9811 CVE-2019-9812 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 CVE-2020-2583 CVE-2020-2590 CVE-2020-2593 CVE-2020-2601 CVE-2020-2604 CVE-2020-2654 CVE-2020-2659 SUSE-SU-2016:2954-1 SUSE-SU-2017:0128-1 SUSE-SU-2017:0367-1 SUSE-SU-2017:1635-1 SUSE-SU-2017:1999-1 SUSE-SU-2018:2389-1 SUSE-SU-2019:1954-1 SUSE-SU-2019:2650-1 SUSE-SU-2020:0419-1 SUSE-SU-2020:0628-1 SUSE-SU-2020:1662-1 SUSE-SU-2020:3149-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND libXRes1-1.2.0-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libpng16-1.6.34-lp151.3.3 is installed OR libpng16-16-1.6.34-lp151.3.3 is installed OR libpng16-16-32bit-1.6.34-lp151.3.3 is installed OR libpng16-compat-devel-1.6.34-lp151.3.3 is installed OR libpng16-compat-devel-32bit-1.6.34-lp151.3.3 is installed OR libpng16-devel-1.6.34-lp151.3.3 is installed OR libpng16-devel-32bit-1.6.34-lp151.3.3 is installed OR libpng16-tools-1.6.34-lp151.3.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libblkid1-2.28-42 is installed OR libblkid1-32bit-2.28-42 is installed OR libfdisk1-2.28-42 is installed OR libmount1-2.28-42 is installed OR libmount1-32bit-2.28-42 is installed OR libsmartcols1-2.28-42 is installed OR libuuid1-2.28-42 is installed OR libuuid1-32bit-2.28-42 is installed OR python-libmount-2.28-42 is installed OR util-linux-2.28-42 is installed OR util-linux-lang-2.28-42 is installed OR util-linux-systemd-2.28-42 is installed OR uuidd-2.28-42 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND binutils-2.32-9.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND binutils-2.31-9.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_120-92_70-default-5-2 is installed OR kgraft-patch-SLE12-SP2_Update_20-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information apache2-2.4.23-29.63 is installed OR apache2-doc-2.4.23-29.63 is installed OR apache2-example-pages-2.4.23-29.63 is installed OR apache2-prefork-2.4.23-29.63 is installed OR apache2-utils-2.4.23-29.63 is installed OR apache2-worker-2.4.23-29.63 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_180-94_100-default-4-2 is installed OR kgraft-patch-SLE12-SP3_Update_27-4-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libpolkit0-0.113-5.18 is installed OR polkit-0.113-5.18 is installed OR typelib-1_0-Polkit-1_0-0.113-5.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND binutils-2.31-9.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND libspice-server1-0.12.8-6 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND apache-commons-httpclient-3.1-6.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information ardana-monasca-8.0+git.1535031421.9262a47-3.12 is installed OR ardana-spark-8.0+git.1534267176.a5f3a22-3.6 is installed OR kafka-0.10.2.2-5.6 is installed OR openstack-monasca-api-2.2.1~dev24-3.6 is installed OR python-monasca-api-2.2.1~dev24-3.6 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information ruby2.1-rubygem-haml-4.0.6-3.3 is installed OR rubygem-haml-4.0.6-3.3 is installed
BACK