Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Fedora 23: FEDORA-2016-65b7608d8b Critical: OkHttp Certificate Bypass

fedora
Calendar Grey February 29, 2016
Dist Fedora Esm H88
This patch addresses a vulnerability in OkHttp that enables it to skip certificate verification, which impacts users on Fedora 23.
This update fixes a security vulnerability which allows an attacker to bypass certificate pinning and cause OkHttp not not to validate that the pinned certificate was in the chain ...

Summary

An HTTP+SPDY client for Android and Java applications.

Update Information:

This update fixes a security vulnerability which allows an attacker to bypass certificate pinning and cause OkHttp not not to validate that the pinned certificate was in the chain to a trusted certificate authority.

Change Log

References


[ 1 ] Bug #1308851 - CVE-2016-2402 okhttp: certificate pining bypass https://bugzilla.redhat.com/show_bug.cgi?id=1308851

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update okhttp' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: okhttp
Product: Fedora 23
Version: 2.7.4
Release: 1.fc23
Summary: An HTTP+SPDY client for Java applications

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.