Date: Mon, 15 Sep 2014 17:10:39 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Important: axis on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0
Synopsis: Important: axis security update
Advisory ID: SLSA-2014:1193-1
Issue Date: 2014-09-15
CVE Numbers: CVE-2014-3596
--
It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)
Applications using Apache Axis must be restarted for this update to take
effect.
--
SL5
x86_64
axis-1.2.1-2jpp.8.el5_10.x86_64.rpm
axis-debuginfo-1.2.1-2jpp.8.el5_10.x86_64.rpm
axis-javadoc-1.2.1-2jpp.8.el5_10.x86_64.rpm
axis-manual-1.2.1-2jpp.8.el5_10.x86_64.rpm
i386
axis-1.2.1-2jpp.8.el5_10.i386.rpm
axis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm
axis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm
axis-manual-1.2.1-2jpp.8.el5_10.i386.rpm
SL6
noarch
axis-1.2.1-7.5.el6_5.noarch.rpm
axis-javadoc-1.2.1-7.5.el6_5.noarch.rpm
axis-manual-1.2.1-7.5.el6_5.noarch.rpm
- Scientific Linux Development Team
SciLinux: CVE-2014-3596 Important: axis SL5.x, SL6.x i386/x86_64
Important: axis security update
Summary
Important: axis security update
Security Fixes
Severity
Advisory ID: SLSA-2014:1193-1
Issued Date: : 2014-09-15
CVE Numbers: CVE-2014-3596
It was discovered that Axis incorrectly extracted the host name from an
News
HOWTOs
About Us
Powered By
