Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Mon, 8 Sep 2014 19:16:30 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Important: jakarta-commons-httpclient on SL5.x, SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Important: thunderbird security update Advisory ID: SLSA-2014:1166-1 Issue Date: 2014-09-08 CVE Numbers: CVE-2014-3577 -- It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577) -- SL5 x86_64 jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.x86_64.rpm jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.x86_64.rpm jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.x86_64.rpm jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.x86_64.rpm i386 jakarta-commons-httpclient-3.0-7jpp.4.el5_10.i386.rpm jakarta-commons-httpclient-debuginfo-3.0-7jpp.4.el5_10.i386.rpm jakarta-commons-httpclient-demo-3.0-7jpp.4.el5_10.i386.rpm jakarta-commons-httpclient-javadoc-3.0-7jpp.4.el5_10.i386.rpm jakarta-commons-httpclient-manual-3.0-7jpp.4.el5_10.i386.rpm SL6 x86_64 jakarta-commons-httpclient-3.1-0.9.el6_5.x86_64.rpm jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.x86_64.rpm jakarta-commons-httpclient-demo-3.1-0.9.el6_5.x86_64.rpm jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.x86_64.rpm jakarta-commons-httpclient-manual-3.1-0.9.el6_5.x86_64.rpm i386 jakarta-commons-httpclient-3.1-0.9.el6_5.i686.rpm jakarta-commons-httpclient-debuginfo-3.1-0.9.el6_5.i686.rpm jakarta-commons-httpclient-demo-3.1-0.9.el6_5.i686.rpm jakarta-commons-httpclient-javadoc-3.1-0.9.el6_5.i686.rpm jakarta-commons-httpclient-manual-3.1-0.9.el6_5.i686.rpm - Scientific Linux Development Team