--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-15589
2015-10-01 15:59:58.767242
--------------------------------------------------------------------------------

Name        : jakarta-commons-httpclient
Product     : Fedora 22
Version     : 3.1
Release     : 23.fc22
URL         : https://hc.apache.org/httpclient-legacy/
Summary     : Jakarta Commons HTTPClient implements the client side of HTTP standards
Description :
The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant
protocol used on the Internet today. Web services, network-enabled
appliances and the growth of network computing continue to expand the
role of the HTTP protocol beyond user-driven web browsers, and increase
the number of applications that may require HTTP support.
Although the java.net package provides basic support for accessing
resources via HTTP, it doesn't provide the full flexibility or
functionality needed by many applications. The Jakarta Commons HTTP
Client component seeks to fill this void by providing an efficient,
up-to-date, and feature-rich package implementing the client side of the
most recent HTTP standards and recommendations.
Designed for extension while providing robust support for the base HTTP
protocol, the HTTP Client component may be of interest to anyone
building HTTP-aware client applications such as web browsers, web
service clients, or systems that leverage or extend the HTTP protocol
for distributed communication.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2015-5262 denial of service security vulnerability by
respectinc configured SO_TIMEOUT parameter during SSL handshake.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1261538 - CVE-2015-5262 jakarta-commons-httpclient, httpcomponents-core: missing HTTPS connection timeout
        https://bugzilla.redhat.com/show_bug.cgi?id=1261538
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update jakarta-commons-httpclient' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 22: jakarta-commons-httpclient Security Update

October 1, 2015
This update fixes CVE-2015-5262 denial of service security vulnerability by respectinc configured SO_TIMEOUT parameter during SSL handshake.

Summary

The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant

protocol used on the Internet today. Web services, network-enabled

appliances and the growth of network computing continue to expand the

role of the HTTP protocol beyond user-driven web browsers, and increase

the number of applications that may require HTTP support.

Although the java.net package provides basic support for accessing

resources via HTTP, it doesn't provide the full flexibility or

functionality needed by many applications. The Jakarta Commons HTTP

Client component seeks to fill this void by providing an efficient,

up-to-date, and feature-rich package implementing the client side of the

most recent HTTP standards and recommendations.

Designed for extension while providing robust support for the base HTTP

protocol, the HTTP Client component may be of interest to anyone

building HTTP-aware client applications such as web browsers, web

service clients, or systems that leverage or extend the HTTP protocol

for distributed communication.

Update Information:

This update fixes CVE-2015-5262 denial of service security vulnerability by respectinc configured SO_TIMEOUT parameter during SSL handshake.

Change Log

References

[ 1 ] Bug #1261538 - CVE-2015-5262 jakarta-commons-httpclient, httpcomponents-core: missing HTTPS connection timeout https://bugzilla.redhat.com/show_bug.cgi?id=1261538

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update jakarta-commons-httpclient' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : jakarta-commons-httpclient
Product : Fedora 22
Version : 3.1
Release : 23.fc22
URL : https://hc.apache.org/httpclient-legacy/
Summary : Jakarta Commons HTTPClient implements the client side of HTTP standards

Related News

Defending Against Malicious Web Shells: Lessons from the Apache AXIS Server Attack
2 - 4 min read
Hackers have recently been observed actively targeting the Apache AXIS server to deploy malicious web shells, exposing significant vulnerabilities
Emerging Mallox Ransomware Variant Targets Linux Using Kryptina Code
3 - 5 min read
A new variant of the Mallox ransomware, which traditionally targeted Windows systems, has been observed targeting Linux environments. This
TeamTNT Hackers Attacking VPS Servers Running CentOS
3 - 5 min read
Security researchers have recently observed an alarming resurgence of TeamTNT , a notorious hacking group known for targeting cloud infrastructures.
Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved