Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 428
Alerts This Week
Warning Icon 1 428

Fedora 23: FEDORA-2016-65b7608d8b Critical: Okio Certificate Bypass

fedora
Calendar Grey February 29, 2016
Dist Fedora Esm H88
This patch addresses a significant vulnerability that permitted a bypass in SSL certificate validation within Okio for Fedora 23, thereby improving system integrity.
This update fixes a security vulnerability which allows an attacker to bypass certificate pinning and cause OkHttp not not to validate that the pinned certificate was in the chain ...

Summary

Okio is a new library that complements java.io and java.nio to make it

much easier to access, store, and process data.

Update Information:

This update fixes a security vulnerability which allows an attacker to bypass certificate pinning and cause OkHttp not not to validate that the pinned certificate was in the chain to a trusted certificate authority.

Change Log

References


[ 1 ] Bug #1308851 - CVE-2016-2402 okhttp: certificate pining bypass https://bugzilla.redhat.com/show_bug.cgi?id=1308851

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update okio' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: okio
Product: Fedora 23
Version: 1.6.0
Release: 1.fc23
Summary: Java I/O library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.