Oval Definition:oval:org.opensuse.security:def:68407
Revision Date:2020-12-01
Version:1
Title:Security update for apache-commons-httpclient (Important)
Description:

This update for apache-commons-httpclient fixes the following issues:

- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]
Family:unix
Class:patch
Status:
Reference(s):1125433
1136981
1136986
1136992
1137930
1178171
945190
CVE-2014-3577
CVE-2015-5262
CVE-2019-12447
CVE-2019-12448
CVE-2019-12449
CVE-2019-12795
SUSE-SU-2019:1717-1
SUSE-SU-2020:3151-1
Platform(s):SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND apache-commons-httpclient-3.1-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • gvfs-1.34.2.1-4.13 is installed
  • OR gvfs-backend-afc-1.34.2.1-4.13 is installed
  • OR gvfs-backend-samba-1.34.2.1-4.13 is installed
  • OR gvfs-backends-1.34.2.1-4.13 is installed
  • OR gvfs-devel-1.34.2.1-4.13 is installed
  • OR gvfs-fuse-1.34.2.1-4.13 is installed
  • OR gvfs-lang-1.34.2.1-4.13 is installed