Ubuntu 12.04 LTS USN-2769-1 Moderate: Commons HttpClient Man In The Middle
Oct 14, 2015
•
LinuxSecurity Advisories
1 - 2 min read
Several security issues were fixed in commons-httpclient.
=========================================================================Ubuntu Security Notice USN-2769-1 October 14, 2015 commons-httpclient vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in commons-httpclient. Software Description: - commons-httpclient: A Java(TM) library for creating HTTP clients Details: It was discovered that Apache Commons HttpClient did not properly verify the Common Name or subjectAltName fields of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5783) Florian Weimer discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-6153) Subodh Iyengar and Will Shackleton discovered the fix for CVE-2012-5783 was incomplete for Apache Commons HttpClient. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2014-3577) It was discovered that Apache Commons HttpClient did not properly handle read timeouts during HTTPS handshakes. A remote attacker could trigger this flaw to cause a denial of service. (CVE-2015-5262) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libcommons-httpclient-java 3.1-10.2ubuntu0.15.04.1 Ubuntu 14.04 LTS: libcommons-httpclient-java 3.1-10.2ubuntu0.14.04.1 Ubuntu 12.04 LTS: libcommons-httpclient-java 3.1-10ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2769-1 CVE-2012-5783, CVE-2012-6153, CVE-2014-3577, CVE-2015-5262 Package Information: https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10.2ubuntu0.15.04.1 https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10.2ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10ubuntu0.1
PREVIOUS
NEXT
Ubuntu 12.04 LTS USN-2769-1 Moderate: Commons HttpClient Man In The Middle
ubuntu
October 14, 2015
Several security issues were fixed in commons-httpclient.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libcommons-httpclient-java 3.1-10.2ubuntu0.15.04.1 Ubuntu 14.04 LTS: libcommons-httpclient-java 3.1-10.2ubuntu0.14.04.1 Ubuntu 12.04 LTS: libcommons-httpclient-java 3.1-10ubuntu0.1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-2769-1
CVE-2012-5783, CVE-2012-6153, CVE-2014-3577, CVE-2015-5262
October 14, 2015
Package Information
https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10.2ubuntu0.15.04.1 https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10.2ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/commons-httpclient/3.1-10ubuntu0.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!