Oval Definition:	oval:org.opensuse.security:def:65060
Revision Date: 2020-12-01 Version: 1 Title: Security update for apache-commons-httpclient (Important) Description: This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577] Family: unix Class: patch Status: Reference(s): 1013708 1013712 1013893 1015171 1172524 1178171 945190 CVE-2014-3577 CVE-2015-5262 CVE-2016-9797 CVE-2016-9798 CVE-2016-9802 CVE-2016-9917 CVE-2020-12861 CVE-2020-12862 CVE-2020-12863 CVE-2020-12864 CVE-2020-12865 CVE-2020-12866 CVE-2020-12867 openSUSE-SU-2020:1798-1 SUSE-SU-2019:1353-2 SUSE-SU-2020:3151-1 Platform(s): openSUSE Leap 15.2 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 Product(s): Definition Synopsis openSUSE Leap 15.2 is installed AND Package Information sane-backends-1.0.31-lp152.7.3 is installed OR sane-backends-32bit-1.0.31-lp152.7.3 is installed OR sane-backends-autoconfig-1.0.31-lp152.7.3 is installed OR sane-backends-devel-1.0.31-lp152.7.3 is installed OR sane-backends-devel-32bit-1.0.31-lp152.7.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND apache-commons-httpclient-3.1-4.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information bluez-5.48-5.16 is installed OR bluez-devel-5.48-5.16 is installed
BACK