Advisories » MGASA-2014-0347

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability

Publication date: 25 Aug 2014
Modification date: 25 Aug 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2012-6153

Description

Updated jakarta-commons-httpclient and httpcomponents-client packages fix
security vulnerability:

The Jakarta Commons HttpClient and Apache httpcomponents HttpClient
components may be susceptible to a 'Man in the Middle Attack' due to a flaw
in the default hostname verification during SSL/TLS when a specially crafted
server side certificate is used (CVE-2012-6153).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13932
• http://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/CVE-2014-3577
• https://rhn.redhat.com/errata/RHSA-2014-1082.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6153

SRPMS

3/core

• jakarta-commons-httpclient-3.1-10.1.mga3
• httpcomponents-client-4.2.5-1.mga3