Fedora 22: 2015-15589 Moderate: jakarta-commons-httpclient DDoS Risk

The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant

protocol used on the Internet today. Web services, network-enabled

appliances and the growth of network computing continue to expand the

role of the HTTP protocol beyond user-driven web browsers, and increase

the number of applications that may require HTTP support.

Although the java.net package provides basic support for accessing

resources via HTTP, it doesn't provide the full flexibility or

functionality needed by many applications. The Jakarta Commons HTTP

Client component seeks to fill this void by providing an efficient,

up-to-date, and feature-rich package implementing the client side of the

most recent HTTP standards and recommendations.

Designed for extension while providing robust support for the base HTTP

protocol, the HTTP Client component may be of interest to anyone

building HTTP-aware client applications such as web browsers, web

service clients, or systems that leverage or extend the HTTP protocol

for distributed communication.

This update fixes CVE-2015-5262 denial of service security vulnerability by respectinc configured SO_TIMEOUT parameter during SSL handshake.