Scientific Linux: SLSA-2014:1193-1 Important Axis Security Update

Sep 15, 2014 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory security update important man-in-the-middle axis scientific linux

Important: axis security update

Date: Mon, 15 Sep 2014 17:10:39 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: axis on SL5.x, SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: axis security update
Advisory ID: SLSA-2014:1193-1
Issue Date: 2014-09-15
CVE Numbers: CVE-2014-3596
--

It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)

Applications using Apache Axis must be restarted for this update to take
effect.
--

SL5
 x86_64
 axis-1.2.1-2jpp.8.el5_10.x86_64.rpm
 axis-debuginfo-1.2.1-2jpp.8.el5_10.x86_64.rpm
 axis-javadoc-1.2.1-2jpp.8.el5_10.x86_64.rpm
 axis-manual-1.2.1-2jpp.8.el5_10.x86_64.rpm
 i386
 axis-1.2.1-2jpp.8.el5_10.i386.rpm
 axis-debuginfo-1.2.1-2jpp.8.el5_10.i386.rpm
 axis-javadoc-1.2.1-2jpp.8.el5_10.i386.rpm
 axis-manual-1.2.1-2jpp.8.el5_10.i386.rpm
SL6
 noarch
 axis-1.2.1-7.5.el6_5.noarch.rpm
 axis-javadoc-1.2.1-7.5.el6_5.noarch.rpm
 axis-manual-1.2.1-7.5.el6_5.noarch.rpm

- Scientific Linux Development Team

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here