drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in jakarta-commons-httpclient
Name: |
Mehrere Probleme in jakarta-commons-httpclient |
|
ID: |
FEDORA-2014-9581 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 20 |
|
Datum: |
Mi, 27. August 2014, 08:38 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577 |
|
Applikationen: |
Apache HttpClient |
|
Originalnachricht |
Name : jakarta-commons-httpclient Product : Fedora 20 Version : 3.1 Release : 15.fc20 URL : http://jakarta.apache.org/commons/httpclient/ Summary : Jakarta Commons HTTPClient implements the client side of HTTP standards Description : The Hyper-Text Transfer Protocol (HTTP) is perhaps the most significant protocol used on the Internet today. Web services, network-enabled appliances and the growth of network computing continue to expand the role of the HTTP protocol beyond user-driven web browsers, and increase the number of applications that may require HTTP support. Although the java.net package provides basic support for accessing resources via HTTP, it doesn't provide the full flexibility or functionality needed by many applications. The Jakarta Commons HTTP Client component seeks to fill this void by providing an efficient, up-to-date, and feature-rich package implementing the client side of the most recent HTTP standards and recommendations. Designed for extension while providing robust support for the base HTTP protocol, the HTTP Client component may be of interest to anyone building HTTP-aware client applications such as web browsers, web service clients, or systems that leverage or extend the HTTP protocol for distributed communication.
------------------------------------------------------------------------------- - Update Information:
Security fix for CVE-2014-3577, CVE-2012-6153 ------------------------------------------------------------------------------- - ChangeLog:
* Mon Aug 18 2014 Michal Srb <msrb@redhat.com> - 1:3.1-15 - Fix MITM security vulnerability - Resolves: CVE-2014-3577 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1129074 - CVE-2014-3577 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-6153 fix https://bugzilla.redhat.com/show_bug.cgi?id=1129074 [ 2 ] Bug #1129916 - CVE-2012-6153 Apache HttpComponents client: SSL hostname verification bypass, incomplete CVE-2012-5783 fix https://bugzilla.redhat.com/show_bug.cgi?id=1129916 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update jakarta-commons-httpclient' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|