Fedora 21: jakarta-commons-httpclient Security Update
Summary
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant
protocol used on the Internet today. Web services, network-enabled
appliances and the growth of network computing continue to expand the
role of the HTTP protocol beyond user-driven web browsers, and increase
the number of applications that may require HTTP support.
Although the java.net package provides basic support for accessing
resources via HTTP, it doesn't provide the full flexibility or
functionality needed by many applications. The Jakarta Commons HTTP
Client component seeks to fill this void by providing an efficient,
up-to-date, and feature-rich package implementing the client side of the
most recent HTTP standards and recommendations.
Designed for extension while providing robust support for the base HTTP
protocol, the HTTP Client component may be of interest to anyone
building HTTP-aware client applications such as web browsers, web
service clients, or systems that leverage or extend the HTTP protocol
for distributed communication.
Update Information:
This update fixes the CVE-2015-5262 denial-of-service vulnerability by respecting the configured SO_TIMEOUT parameter during the SSL handshake.
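The sketch below is an added illustration of the behaviour the fix restores, written against the plain JSSE socket API; it is not code from jakarta-commons-httpclient or from the patch. The class name, method name, loopback test peer and 2000 ms timeout are assumptions chosen for the demonstration.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class HandshakeTimeoutDemo {

    // Opens a TLS connection with SO_TIMEOUT applied before the handshake,
    // so a peer that never answers cannot block the calling thread forever.
    static String connect(String host, int port, int timeoutMs) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        long start = System.nanoTime();
        try (Socket plain = new Socket()) {
            // The connect timeout bounds only the TCP three-way handshake.
            plain.connect(new InetSocketAddress(host, port), timeoutMs);
            try (SSLSocket tls = (SSLSocket) factory.createSocket(plain, host, port, true)) {
                // SO_TIMEOUT bounds each blocking read, including the reads
                // startHandshake() performs while waiting for the ServerHello.
                tls.setSoTimeout(timeoutMs);
                tls.startHandshake();
                return "handshake completed";
            }
        } catch (IOException e) {
            // Depending on the JDK, the timeout surfaces as a
            // SocketTimeoutException or wrapped in an SSLException.
            long elapsedMs = (System.nanoTime() - start) / 1_000_000;
            return "gave up after " + elapsedMs + " ms: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed test peer: the kernel completes the TCP connection from
        // the listen backlog, but no TLS bytes are ever sent back.
        try (ServerSocket silent = new ServerSocket(0)) {
            System.out.println(connect("127.0.0.1", silent.getLocalPort(), 2000));
        }
    }
}
```

Without the `setSoTimeout` call, `startHandshake()` against the silent peer blocks indefinitely, which is the denial-of-service condition the advisory describes.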
Change Log
References
[ 1 ] Bug #1261538 - CVE-2015-5262 jakarta-commons-httpclient, httpcomponents-core: missing HTTPS connection timeout https://bugzilla.redhat.com/show_bug.cgi?id=1261538
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update jakarta-commons-httpclient' at the command line. For more information, refer to "Managing Software with yum", available at .